Reference Guide
Usage
Information
The number of entries allowed per ACL is hardware-dependent. For detailed specification on
entries allowed per ACL, refer to your line card documentation.
Prior to 7.8.1.0, names are up to 16 characters long.
Example
FTOS(conf)#ip access-list extended TESTListEXTEND
FTOS(config-ext-nacl)#
Related
Commands
ip access-list standard — configures a standard IP access list.
show config — displays the current configuration.
permit
To pass IP packets meeting the filter criteria, configure a filter.
S4820T
Syntax
permit {source mask | any | host ip-address} {destination mask
| any | host ip-address} [count [bytes]] [dscp value] [order]
[fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence
number.
• Use the no deny {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Parameters
source
Enter the IP address in dotted decimal format of the network from
which the packet was sent.
mask
(OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D.
The mask, when specified in A.B.C.D format, may be either
contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject to the
filter.
host
ip-address
Enter the keyword host then the IP address to specify a host IP
address or hostname.
destination
Enter the IP address of the network or host to which the packets are
sent.
count (OPTIONAL) Enter the keyword count to count packets processed
by the filter.
bytes (OPTIONAL) Enter the keyword bytes to count bytes processed by
the filter.
dscp (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP
values.
order (OPTIONAL) Enter the keyword order to specify the QoS priority for
the ACL entry. The range is from 0 to 254 (where 0 is the highest
priority and 254 is the lowest; lower-order numbers have a higher
202