Foundry AR-Series Router User Guide
3 - 6 © 2004 Foundry Networks, Inc. June 2004
configure policy ip_access_list
This command configures the IP access list for routes.
IP access lists are used for matching any type of route prefix. An IP access list is said to succeed if any “permit”
line in the list matches, and to fail if any “deny” line matches. Matching proceeds sequentially and stops at the first
match. A line in an IP access list is said to match according to the rules listed below.
network netmask
Matches addresses as follows: the bits in the address part of the route being matched that are not covered by
“one” bits in netmask must be equal to the corresponding bits in network. The “one” bits in netmask are
sometimes referred to as “don’t care” bits, because the policy engine does not care what their values are. In this
form only the address part of the route is examined; the route’s own mask is not checked.
network netmask mask maskmask
Matches addresses as follows: the first pair of parameters (network, netmask) match the address part of
the route just as in the previous (network netmask) form. The second pair of parameters (mask, maskmask)
are used to match against the mask part of the route in the same fashion. That is, the route is
matched if the address part matches and the bits in the route’s mask that are not covered by “one” bits in
maskmask are equal to the corresponding bits in mask.
If neither permit nor deny is specified, the default is permit. All kinds of access_list entries may be mixed freely
within a list, and there are no restrictions on what the access_list number may be. Any number of IP access list
lines may be declared. They are evaluated in the order declared.
syntax:
[ no ] policy ip_access_list access_list < n > number < n > action < deny | permit > [ network < IP address > ]
[ netmask < IP address > ] [ mask < IP address > ] [ maskmask < IP address > ]
example:
Foundry-AR1208/configure# policy ip_access_list 1 1 permit network 10.0.0.0 netmask 0.255.255.255
This example permits prefixes 10.0.0.0/8, 10.0.0.0/9 and so on.

Parameter     Description
access_list   Access list number. The range is 1 - 99.
number        Sequence to insert to or delete from an existing access list entry. The range is 0 - 65535.
action        deny: Route map deny set operation. permit: Route map permit set operation.
network       Network route (IP address in dotted notation)
netmask       Network mask as wildcard bits (IP address in dotted notation)
mask          Network route’s mask (IP address in dotted notation)
maskmask      Wildcard mask for network route’s mask (IP address in dotted notation)
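The following Python model is an added illustration of the two matching rules and the first-match behaviour described above; it is written for this page and is neither Foundry code nor the router’s implementation. It assumes that network/netmask and mask/maskmask are always given as pairs, that re-using a sequence number replaces the earlier entry with that number, and it returns None for a route that matches no line, since the page does not say what the router does in that case. The sample list in demo_acl() is constructed: its line 20 is the page’s own example, and its line 10 shows how the mask/maskmask form limits a match to prefixes of a given length.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AccessListEntry:
    """One `policy ip_access_list` line. Field names follow the CLI parameters
    on this page; all IPv4 values are dotted-decimal strings."""
    number: int                       # sequence number, range 0 - 65535
    action: str = "permit"            # an omitted action defaults to permit
    network: Optional[str] = None     # pattern for the route's address part
    netmask: Optional[str] = None     # wildcard: "one" bits are don't-care bits
    mask: Optional[str] = None        # pattern for the route's own mask
    maskmask: Optional[str] = None    # wildcard applied to the route's mask

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if not 0 <= self.number <= 65535:
            raise ValueError("sequence number out of range 0 - 65535")
        # Assumption (not stated on the page): parameters come in pairs.
        if (self.network is None) != (self.netmask is None):
            raise ValueError("network and netmask must be given together")
        if (self.mask is None) != (self.maskmask is None):
            raise ValueError("mask and maskmask must be given together")


def _bits(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(value: int, pattern: int, wildcard: int) -> bool:
    """Wildcard comparison as the page describes it: every bit of `value`
    not covered by a one bit in `wildcard` must equal the same bit of
    `pattern`; the one bits in `wildcard` are don't-care bits."""
    care = wildcard ^ 0xFFFFFFFF
    return (value & care) == (pattern & care)


def entry_matches(entry: AccessListEntry, route: ipaddress.IPv4Network) -> bool:
    """Apply the page's two matching rules to one route prefix."""
    if entry.network is not None:
        # Form 1 (network netmask): only the address part of the route is tested.
        if not wildcard_match(int(route.network_address),
                              _bits(entry.network), _bits(entry.netmask)):
            return False
    if entry.mask is not None:
        # Form 2 adds (mask maskmask), tested against the route's own mask.
        if not wildcard_match(int(route.netmask),
                              _bits(entry.mask), _bits(entry.maskmask)):
            return False
    return True


def add_entry(acl: List[AccessListEntry], entry: AccessListEntry) -> List[AccessListEntry]:
    """Insert an entry at its sequence position. Assumption: re-using a
    sequence number replaces the earlier entry carrying that number."""
    kept = [e for e in acl if e.number != entry.number]
    kept.append(entry)
    kept.sort(key=lambda e: e.number)
    return kept


def evaluate(acl: List[AccessListEntry], prefix: str) -> Optional[str]:
    """Walk the list in order and stop at the first matching line, returning
    its action. None means no line matched; the page does not state what the
    router does with such a route, so the caller has to decide."""
    route = ipaddress.IPv4Network(prefix)   # strict: a prefix with host bits set is rejected
    for entry in acl:
        if entry_matches(entry, route):
            return entry.action
    return None


def demo_acl() -> List[AccessListEntry]:
    """Constructed sample list (not from the page). Line 10 denies any route
    inside 10.0.0.0/8 whose mask is 255.255.255.x, i.e. /24 or longer;
    line 20 is the page's own example and permits the rest of 10/8."""
    acl: List[AccessListEntry] = []
    acl = add_entry(acl, AccessListEntry(20, "permit", "10.0.0.0", "0.255.255.255"))
    acl = add_entry(acl, AccessListEntry(10, "deny", "10.0.0.0", "0.255.255.255",
                                         "255.255.255.0", "0.0.0.255"))
    return acl


if __name__ == "__main__":
    acl = demo_acl()
    for p in ("10.0.0.0/8", "10.1.0.0/16", "10.1.2.0/24", "10.1.2.128/25", "192.168.0.0/16"):
        print(f"{p:18} -> {evaluate(acl, p)}")
```

Running the model on the page’s example alone shows the point of the second form: a netmask of 0.255.255.255 with no mask/maskmask pair accepts every prefix whose first octet is 10, down to /32 host routes, because the route’s mask is never examined. A filter that is meant to accept only the aggregate needs the mask/maskmask pair (for an exact /8, mask 255.0.0.0 with maskmask 0.0.0.0), and because matching stops at the first line, the deny lines that narrow a permit must carry lower sequence numbers than it.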