Reference Guide
ethernet1/1/29
seq 10 deny ip any any fragment count (100 packets)
Clear access-list counters
Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets that match
each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list, clear the counters to start
at zero. If you do not configure an access-list name, all IP access-list counters clear.
To view access-list information, use the show access-lists command.
• Clear IPv4 access-list counters in EXEC mode.
clear ip access-list counters access-list-name
• Clear IPv6 access-list counters in EXEC mode.
clear ipv6 access-list counters access-list-name
• Clear MAC access-list counters in EXEC mode.
clear mac access-list counters access-list-name
IP prefix-lists
IP prefix-lists control the routing policy. An IP prefix-list is a series of sequential filters that contain a matching criterion and a permit or
deny action to process routes. The filters process in sequence so that if a route prefix does not match the criterion in the first filter, the
second filter applies, and so on.
A route prefix is an IP address pattern that matches on bits within the IP address. The format of a route prefix is A.B.C.D/x, where
A.B.C.D is a dotted-decimal address and /x is the number of bits that match the dotted-decimal address.
When the route prefix matches a filter, the system drops or forwards the packet based on the filter’s designated action. If the route prefix
does not match any of the filters in the prefix-list, the route drops (implicit deny).
For example, in 112.24.0.0/16, the first 16 bits of the address 112.24.0.0 match all addresses from 112.24.0.0 to
112.24.255.255. Use permit or deny filters for specific routes with the le (less or equal) and ge (greater or equal) parameters, where
x.x.x.x/x represents a route prefix:
• To deny only /8 prefixes, enter deny x.x.x.x/x ge 8 le 8
• To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12
• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24
• To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20
The following rules apply to prefix-lists:
• A prefix-list without permit or deny filters allows all routes
• An “implicit deny” is assumed — the route drops for all route prefixes that do not match a permit or deny filter
• After a route matches a filter, the filter’s action applies and no additional filters apply to the route
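The evaluation rules above, as an added Python example (not from the guide or from OS10): a model of first-match processing, inclusive ge/le bounds, and the implicit deny, useful for checking a filter set before applying it. The tuple layout, function names and sample list are constructed here, and the mask-length range used when ge or le is omitted follows conventional prefix-list behavior, which is an assumption the guide does not state.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """True if `route` lies inside `prefix` and its mask length is in range."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if route.version != prefix.version or not route.subnet_of(prefix):
        return False
    # Assumed defaults (not stated in the guide): no ge/le means an exact
    # length match; ge alone runs up to the address width; le alone starts
    # at the filter's own length. Both bounds are inclusive.
    if ge is None and le is None:
        low = high = prefix.prefixlen
    else:
        low = ge if ge is not None else prefix.prefixlen
        high = le if le is not None else prefix.max_prefixlen
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Return 'permit' or 'deny' for `route`, processing filters in sequence."""
    if not prefix_list:
        return "permit"  # a prefix-list without filters allows all routes
    for _seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action  # first match wins; later filters are not applied
    return "deny"  # implicit deny for routes that match no filter

# Constructed sample list: (sequence, action, prefix, ge, le)
SAMPLE = [
    (10, "deny",   "0.0.0.0/0",     8,    8),     # deny only /8 prefixes
    (20, "deny",   "112.24.8.0/24", None, None),  # one specific route
    (30, "permit", "112.24.0.0/16", None, 24),    # /16 through /24 in the block
]

if __name__ == "__main__":
    for r in ("10.0.0.0/8", "112.24.8.0/24", "112.24.9.0/24", "112.24.9.128/25"):
        print(f"{r:18} {evaluate(SAMPLE, r)}")
```

The /25 route is dropped by the implicit deny, and 112.24.8.0/24 is dropped by sequence 20 even though sequence 30 would have permitted it.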
Use prefix-lists in processing routes for routing protocols such as OSPF, RTM, and BGP.
To configure a prefix-list, use commands in PREFIX-LIST and ROUTER-BGP modes. Create the prefix-list in PREFIX-LIST mode and assign
that list to commands in ROUTER-BGP modes.
Access Control Lists