Reference Guide
Access Control Lists (ACL) | 195
Standard IP ACL Commands
When an ACL is created without any rule and then applied to an interface, ACL
behavior reflects an implicit permit.
c and s platforms support Ingress IP ACLs only.
The commands needed to configure a Standard IP ACL are:
• deny
• ip access-list standard
• permit
• resequence access-list
• resequence prefix-list ipv4
• seq
deny
c e s
Configure a filter to drop packets with a certain IP address.
Syntax
deny {source [mask] | any | host ip-address} [count [byte] | log] [dscp value] [order]
[
monitor] [fragments]
To remove this filter, you have two choices:
• Use the
no seq sequence-number command syntax if you know the filter’s
sequence number or
• Use the
no deny {source [mask] | any | host ip-address} command.
Parameters
Note: Refer also to Commands Common to all ACL Types and Common IP ACL
Commands.
source Enter the IP address in dotted decimal format of the network from which
the packet was sent.
mask
(OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D.
The mask, when specified in A.B.C.D format, may be either contiguous or
non-contiguous (discontiguous).
any
Enter the keyword any to specify that all routes are subject to the filter.
host ip-address
Enter the keyword host followed by the IP address to specify a host IP
address only.
count
(OPTIONAL) Enter the keyword count to count packets processed by the
filter.