Defining IP Access Lists

You can use the access-list command to define an IP access list to permit or deny routes on the basis of the prefix.

Each access list is a set of permit or deny conditions that are applied to a route according to how the route's prefix matches them. A zero bit in the wildcard mask means that the corresponding bit in the address must be exactly matched by the route. A one bit in the wildcard mask means that the corresponding bit in the address does not have to be matched by the route.

You can use the neighbor distribute-list command to apply the access list to routes received from or forwarded to a neighbor.

You can use the log keyword to log an Info event in the ipAccessList log whenever an access list rule is matched.

To define an IP access list to permit routes on the basis of the prefix:

host1(config)#access-list bronze permit ip host any 228.0.0.0 0.0.0.255

Use the no version to delete an IP access list (when no other options are specified), a specified entry in the access list, or, when you specify the log keyword, the log for the specified access list or entry.
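
The wildcard-mask rule described above can be checked offline before an entry is committed. The following Python sketch is an added example, not part of the product documentation or the router's own code; it applies the zero-bit/one-bit rule to the 228.0.0.0 0.0.0.255 entry and flags a subnet mask entered where a wildcard mask is expected. The function names are hypothetical, first-match evaluation order is an assumption, and the no-match result is returned as None because this page does not state it.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(candidate, address, wildcard):
    """True when candidate equals address on every bit where the wildcard is 0."""
    care = ~to_int(wildcard) & ALL_ONES      # 1 = bit must match exactly
    return (to_int(candidate) & care) == (to_int(address) & care)

def evaluate(rules, candidate):
    """Action of the first matching rule (assumed order), or None if none match."""
    for action, address, wildcard in rules:
        if wildcard_match(candidate, address, wildcard):
            return action
    return None

def looks_like_netmask(wildcard):
    """Flag a mask of the form 1..10..0, i.e. a subnet mask typed as a wildcard."""
    w = to_int(wildcard)
    inv = ~w & ALL_ONES
    return 0 < w < ALL_ONES and (inv & (inv + 1)) == 0

def from_netmask(netmask):
    """Invert a subnet mask to get the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(~to_int(netmask) & ALL_ONES))

# The entry from this page: first three octets must match, last octet is free.
BRONZE = [("permit", "228.0.0.0", "0.0.0.255")]

# Constructed mistake: subnet mask used as the wildcard. Only the LAST octet
# is compared, so unrelated prefixes ending in .0 are permitted.
MISTYPED = [("permit", "228.0.0.0", "255.255.255.0")]

if __name__ == "__main__":
    for name, acl in (("bronze", BRONZE), ("mistyped", MISTYPED)):
        for _, _, wc in acl:
            if looks_like_netmask(wc):
                print(f"{name}: {wc} looks like a subnet mask; "
                      f"wildcard form is {from_netmask(wc)}")
        for prefix in ("228.0.0.17", "228.0.1.0", "10.9.8.0"):  # constructed
            print(f"{name}: {prefix} -> {evaluate(acl, prefix)}")
```

With the mistyped mask, 10.9.8.0 is permitted and 228.0.0.17 is not, which is the opposite of the intended filter.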
