BSR 64000 Command Reference Guide
access-list (extended)
The access-list (extended) command defines an extended access list to configure and
control the flow of routing information and traffic by matching a packet with a permit
or deny result. The no access-list command deletes the access-list.
Use the access-list command to restrict routing update information; control the
transmission of packets on an interface, or control virtual terminal line access.
Group Access
ISP
Command Mode
Global Configuration
Command Line Usage
To configure an extended access list for AHP, ESP, GRE, IP, IPINIP, OSPF, PCP, PIM,
and VRRP, use the following command:
access-list <100-199> <2000-2699> {deny | permit} {<0-255> | ahp | esp | gre | ip |
ipinip | ospf | pcp | pim | vrrp} {<A.B.C.D> <A.B.C.D> | any | host <A.B.C.D>}
(<A.B.C.D> <A.B.C.D> | any | host <A.B.C.D>}
To configure an extended access list for ICMP, use the following command:
access-list <100-199> <2000-2699> {deny | permit} icmp {<A.B.C.D> <A.B.C.D> |
any | host <A.B.C.D>} (<A.B.C.D> <A.B.C.D> | any | host <A.B.C.D>} [<0-255> |
administratively-prohibited | alternate-address | dod-host-prohibited |
dod-net-prohibited | echo | echo-reply | general-parameter-problem |
host-isolated | host-precedence-unreachable | host-redirect | host-tos-redirect |
host-tos-unreachable | host-unknown | host-unreachable | information-reply |
information-request | mask-reply | mask-request | net-redirect | net-tos-redirect |
net-tos-unreachable | net-unreachable | network-unknown | no-room-for-option |
option-missing | packet-too-big | parameter-problem | port-unreachable |
precedence-unreachable | protocol-unreachable | reassembly-timeout | redirect |
router-advertisement | router-solicitation | source-quench | source-route-failed |
time-exceeded | timestamp-reply | timestamp-request | ttl-exceeded |
unreachable]
5-4