Access Lists; Filtering Prefixes; Configuration Example 1 - Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual

Ip services configuration guide

host1(config-match-policy-list)#
Use the no version to delete the match policy list.
See ip match-policy-list.

Access Lists

An access list is a sequential collection of permit and deny conditions that you can
use to filter inbound or outbound routes. You can use different kinds of access lists
to filter routes based on either the prefix or the AS path.

Filtering Prefixes

To filter routes based on the prefix, you can do any of the following:

- Define an access list with the access-list or ipv6 access-list command, and apply
  the list to routes received from or passed to a neighbor with the neighbor
  distribute-list command.
- Define a prefix list with the ip prefix-list command, and apply the list to routes
  received from or passed to a neighbor with the neighbor prefix-list command.
- Define a prefix tree with the ip prefix-tree command, and apply the list to routes
  received from or passed to a neighbor with the neighbor prefix-tree command.

The router compares each route's prefix against the conditions in the list or tree,
one by one. If the first match is for a permit condition, the route is accepted or
passed. If the first match is for a deny condition, the route is rejected or blocked.
The order of conditions is critical because testing stops with the first match. If no
conditions match, the router rejects or blocks the address; that is, the last action of
any list is an implicit deny condition for all routes. The implicit rule is displayed by
show access-list and show config commands.

You cannot selectively place conditions in or remove conditions from an access list,
prefix list, or prefix tree. You can insert a new condition only at the end of a list or
tree.

Configuration Example 1

The following example shows how the implicit deny condition appears:
host1(config)#access-list 1 permit 10.10.10.1 0.0.0.255
host1(config)#access-list 2 permit 10.25.25.1 0.0.0.255
host1(config)#access-list 3 permit any any
host1(config)#show access-list
IP Access List 1:
permit ip 10.10.10.1 0.0.0.255 any
deny ip any any
IP Access List 2:
permit ip 10.25.25.1 0.0.0.255 any
deny ip any any
IP Access List 3:
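
The first-match evaluation and implicit deny described under Filtering Prefixes, modeled in Python as an added example (not code from the manual or from the router software). It assumes the second field of a condition is a wildcard mask whose set bits are ignored in the comparison; the class name AccessList, its methods, and the narrow_first and broad_first lists are hypothetical and constructed for illustration.

```python
# Added illustration: first-match evaluation of an access list with the
# implicit deny. Assumption: the second field is a wildcard mask, so bits
# set in it are ignored when comparing addresses.
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

class AccessList:
    def __init__(self):
        self.conditions = []          # evaluated in the order they were added

    def append(self, action, address="any", wildcard="0.0.0.0"):
        """Conditions can only be added at the end, as the text states."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if address == "any":
            addr, wild = 0, 0xFFFFFFFF   # every bit is "don't care"
        else:
            addr, wild = _to_int(address), _to_int(wildcard)
        self.conditions.append((action, addr, wild))
        return self

    def evaluate(self, prefix):
        """Return (action, index); index is None for the implicit deny."""
        value = _to_int(prefix)
        for index, (action, addr, wild) in enumerate(self.conditions):
            care = ~wild & 0xFFFFFFFF
            if (value & care) == (addr & care):
                return action, index     # testing stops at the first match
        return "deny", None              # implicit "deny ip any any"

# Constructed lists. acl1 mirrors "access-list 1" from the page.
acl1 = AccessList().append("permit", "10.10.10.1", "0.0.0.255")

# The same two conditions in opposite order give different results.
narrow_first = (AccessList()
                .append("deny", "10.10.10.128", "0.0.0.127")
                .append("permit", "10.10.10.0", "0.0.0.255"))
broad_first = (AccessList()
               .append("permit", "10.10.10.0", "0.0.0.255")
               .append("deny", "10.10.10.128", "0.0.0.127"))

if __name__ == "__main__":
    for name, acl in (("acl1", acl1), ("narrow_first", narrow_first),
                      ("broad_first", broad_first)):
        for route in ("10.10.10.200", "10.10.10.5", "10.25.25.0"):
            print(name, route, acl.evaluate(route))
```

In broad_first the deny condition can never match, because the broader permit ahead of it always wins; since conditions can only be appended, correcting that order means deleting and re-entering the list.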

Chapter 1: Configuring Routing Policy
