Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    access-list

    Syntax

    Standard IP access list:

    access-list accessListName { permit | deny }
    { srcIP srcWildIp | [ host ] srcIPHost | any } [ log ]

    no access-list accessListName [ { permit | deny }
    { srcIP srcWildIp | [ host ] srcIPHost | any } [ log ] ]

    Extended IP access list:

    access-list accessListName { permit | deny } ip { srcIP srcWildIp |
    host srcIPHost | any } { dstIP dstWildIp | host dstIPHost | any } [ log ]

    no access-list accessListName [ { permit | deny } ip { srcIP srcWildIp |
    host srcIPHost | any } { dstIP dstWildIp | host dstIPHost | any } [ log ] ]

    Release Information

    Command introduced before JunosE Release 7.1.0.

    Description

    Defines a standard or extended IP access list. The extended access list enables you to specify a destination address or host, precedence, and type of service. This command imposes an implicit last rule of “deny ip any any” to deny all routes that do not match previous rules in the access list. The no version removes the IP access list, the specified entry in an access list, or the log for a specified entry.

    Options

    • accessListName—String of up to 32 alphanumeric characters
    • permit—Permits access if the conditions are matched
    • deny—Denies access if the conditions are matched
    • srcIP—Source IP address from which the packet is being sent
    • srcWildIp—Wildcard mask IP address
    • hostIdentifies the address as a host
    • srcIPHost—Source host IP address; assumes a wildcard mask of 0
    • anyCreates an address of 0.0.0.0 with a wildcard mask of 255.255.255.255
    • dstIP—Destination IP address
    • dstWildIp—Wildcard mask IP address for destination
    • dstIPHost—Destination host IP address to which the packet is being sent
    • log—Logs an Info event into the ipAccessList log whenever the access-list rule is matched

    Mode

    Global Configuration

    Published: 2014-08-20