Access Control List Commands (Standard)
This chapter is a reference for the standard Access Control List (ACL) commands:
ip access-list standard
Use this command to define a standard IP access control list (ACL) in which multiple specifications can be configured. A specification determines whether to accept or drop an incoming IP packet based on the source IP address, either an exact match or a range of prefixes.
Standard ACL can be used by L3 and SNMP protocols to permit or deny IP packets from a host or a range of prefixes.
Use the no form of this command to remove the ACL.
Note: Standard access-lists are not allowed to be attached on interfaces and are used for protocol level filtering purposes.
Command Syntax
ip access-list standard NAME
no ip access-list standard NAME
Parameters
NAME
Standard IP access-list name.
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 3.0.
Examples
#configure terminal
(config)#ip access-list standard ip-acl-01
(config-ip-acl-std)#exit
(config)#no ip access-list standard ip-acl-01
ip access-list standard filter
Use this command to configure access control entry in an access control list (ACL).
This command determines whether to accept or drop a packet based on the configured source IP address.
Use the no form of this command to remove an ACL specification.
Command Syntax
(deny|permit) (A.B.C.D/M|A.B.C.D A.B.C.D|host A.B.C.D|any)
no (deny|permit) (A.B.C.D/M|A.B.C.D A.B.C.D|host A.B.C.D|any)
Parameters
deny
Drop the packet.
permit
Accept the packet.
A.B.C.D/M
Source IP prefix and length.
A.B.C.D A.B.C.D
Source IP address and mask.
host A.B.C.D
A single source host IP address.
any
Match any source IP address.
Default
No default value is specified
Command Mode
Standard IP access-list mode
Applicability
This command was introduced in OcNOS version 3.0
Examples
#configure terminal
(config)#ip access-list ip-acl-01
(config-ip-acl-std)#permit 30.30.30.0/24
(config-ip-acl-std)#no permit 30.30.30.0/24
Ipv6 access-list standard
Use this command to define a standard IPv6 access control list (ACL) in which multiple specifications can be configured. A specification determines whether to accept or drop an incoming IPv6 packet based on the source IPv6 address, either an exact match or a range of prefixes.
Standard IPv6 ACL can be used by L3 protocols to permit or deny IPv6 packets from a host or a range of prefixes.
Use the no form of this command to remove the ACL.
Note: Standard access-lists are not allowed to be attached on interfaces and are used for protocol level filtering purposes.
Command Syntax
ipv6 access-list standard NAME
no ipv6 access-list standard NAME
Parameters
NAME
Standard IPv6 access-list name.
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 3.0.
Examples
#configure terminal
(config)#ipv6 access-list standard ipv6-acl-01
(config-ipv6-acl-std)#exit
(config)#no ipv6 access-list standard ipv6-acl-01
ipv6 access-list standard filter
Use this command to configure access control entry in an access control list (ACL).This determines whether to accept or drop a packet based on the configured IPv6 prefix.
Use the no form of this command to remove an ACL specification.
Command Syntax
(deny|permit)(X:X::X:X/M|X:X::X:X X:X::X:X|any)
no(deny|permit)(X:X::X:X/M|X:X::X:X X:X::X:X|any)
Parameters
deny
Drop the packet.
permit
Accept the packet.
X:X::X:X/M
Source address with network mask length.
X:X::X:X X:X::X:X
Source address with wild card mask.
any
Any source address.
Default
No default value is specified
Command Mode
Standard IPv6 access-list mode
Applicability
This command was introduced in OcNOS version 3.0.
Examples
#configure terminal
(config)#ipv6 access-list standard ipv6-acl-01
(config-ipv6-acl-std)#permit 2000::0/64
(config-ipv6-acl-std)#no permit 2000::0/64