Filter
Top Products
IPSec Commands
XSR CLI Reference Guide 14-107
Syntax
access-list acl-number {deny | permit} protocol [source_addr source_mask [eq port]
destination_addr destination_mask [eq port]
Syntax of the “no” Form
Thenoformofthiscommandremovestheaccesslist:
no access-list acl-number {deny | permit} protocol [source_addr source_mask [eq
port] destination_addr destination_mask [eq port]
Default
AnextendedACLdefaultstoalistthatdenieseverything.
Mode
Globalconfiguration:XSR(config)#
Examples
ThefollowingexampleconfigurestwoIPACLs:
XSR(config)#access-list 100 permit ip 0.0.0.0 255.255.255.255 192.168.1.0
XSR(config)#access-list 101 permit ip 0.0.0.0 255.255.255.255 host 10.123.234.45
ThefollowingACLssecureL2TP:
XSR(config)#access-list 120 permit udp any eq 1701 any
XSR(config)#access-list 130 permit udp any any eq 1701
acl-number
Auniquelydefinedaccesslistnumber.
deny
PreventstrafficfrombeingprotectedbyIPSecinthecontextofa
particularcryptomapentry:itdoesnotallowthepolicyassetin
crypto mapstatementstobeappliedtothistraffic.
permit
CausesallIPtrafficthatmatchesthespecifiedconditionstobe
protectedbyIPSecusingthepolicydescribedbythecorresponding
crypto mapcommandstatements.
protocol
NameornumberofanIPprotocol.Itcanbeoneofthekeywordsip,
tcp,orudp,oranintegerrangingfrom1to254representinganIP
protocolnumber.TomatchanyInternetprotocol,includingTCP,
andUDP,usethekeywordip.
eq port
Aclausetodefineamatchingsourceand/ordestinationport
number.Sourceand/ordestinationisdefinedbythelocationofthe
eqkeywordinthecommand.Aportnumberofzeromatchesany
port.MayonlybeusedwithTCPandUDPprotocols.
source-addr
Addressofthenetworkorhostfromwhichthepacketissent.
source-mask
Netmaskbits(mask)tobeappliedtosource_addr.
destination-addr
IPaddressofthenetworkorhosttowherethepacketissent.
destination-mask
Netmaskbits(mask)tobeappliedtodestination_addr.