Creating Access List Rules
Before you create a dynamic translation, create the access list rules that you plan to apply to the translation. For information about configuring access lists, see Configuring Routing Policy.
The router evaluates multiple commands for the same access list in the order they were created. An undefined access list implicitly contains a rule to permit any. A defined access list implicitly ends with a rule to deny any.
Note: The access lists do not filter any packets; they determine whether the packet requires translation.
You use the access-list command to create an access list.
access-list
- Use to define an IP access list to permit or deny translation
based on the addresses in the packets.
- Each access list is a set of permit or deny conditions
for routes that are candidates for translation (that is, moving from
the inside network to the outside network).
- A zero in the wildcard mask means that the route must
exactly match the corresponding bit in the address. A one in the wildcard
mask means that the route does not have to match the corresponding
bit in the address.
- Use the log keyword to log an Info event in the ipAccessList log whenever an access list rule is matched.
- Example
- host1(config)#access-list bronze permit ip host any 228.0.0.0 0.0.0.255
- Use the no version to delete
the access list (by not specifying any other options), the specified
entry in the access list, or the log for the specified access list
or entry (by specifying the log keyword).
- See access-list.
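The matching behavior described above (wildcard mask bits, evaluation in creation order, and the implicit permit any or deny any) can be modeled in a few lines. This is an added example, not code from the router documentation; the list name inside-hosts, its rules and the addresses are constructed, and only the source address is matched.

```python
import ipaddress

# Constructed sample list: rules are (action, address, wildcard mask),
# stored in the order they were created.
ACCESS_LISTS = {
    "inside-hosts": [
        ("deny", "10.1.1.128", "0.0.0.127"),
        ("permit", "10.1.1.0", "0.0.0.255"),
    ],
}


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard mask must match exactly; a 1 bit is ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def needs_translation(access_lists, name, src):
    """Return True if the list selects src for translation.

    False does not drop the packet; it only means "do not translate".
    """
    rules = access_lists.get(name)
    if rules is None:
        return True  # undefined access list: implicit permit any
    for action, base, wildcard in rules:  # first matching rule wins
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False  # defined access list: implicit deny any at the end


if __name__ == "__main__":
    for src in ("10.1.1.5", "10.1.1.200", "10.1.2.5"):
        print(src, needs_translation(ACCESS_LISTS, "inside-hosts", src))
    print("undefined list:",
          needs_translation(ACCESS_LISTS, "no-such-list", "10.1.2.5"))
```

Swapping the two rules in inside-hosts makes 10.1.1.200 eligible for translation, which is why the creation order of the rules matters.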