access-list

Syntax

Standard IP access list:

access-list accessListName { permit | deny }
{ srcIP srcWildIp | [ host ] srcIPHost | any } [ log ]

no access-list accessListName [ { permit | deny }
{ srcIP srcWildIp | [ host ] srcIPHost | any } [ log ] ]

Extended IP access list:

access-list accessListName { permit | deny } ip { srcIP srcWildIp |
host srcIPHost | any } { dstIP dstWildIp | host dstIPHost | any } [ log ]

no access-list accessListName [ { permit | deny } ip { srcIP srcWildIp |
host srcIPHost | any } { dstIP dstWildIp | host dstIPHost | any } [ log ] ]

Release Information

Command introduced before JunosE Release 7.1.0.

Description

Defines a standard or extended IP access list. The extended access list enables you to specify a destination address or host, precedence, and type of service. This command imposes an implicit last rule of “ deny ip any any” to deny all routes that do not match previous rules in the access list. The no version removes the IP access list, the specified entry in an access list, or the log for a specified entry.

Options

• accessListName—String of up to 32 alphanumeric characters
• permit—Permits access if the conditions are matched
• deny—Denies access if the conditions are matched
• srcIP—Source IP address from which the packet is being sent
• srcWildIp—Wildcard mask IP address
• host—Identifies the address as a host
• srcIPHost—Source host IP address; assumes a wildcard mask of 0
• any—Creates an address of 0.0.0.0 with a wildcard mask of 255.255.255.255
• dstIP—Destination IP address
• dstWildIp—Wildcard mask IP address for destination
• dstIPHost—Destination host IP address to which the packet is being sent
• log—Logs an Info event into the ipAccessList log whenever the access-list rule is matched

Mode

Global Configuration