To create an IP access-list and specify packets to be forwarded depending on associated parameters, trigger provisioning of active filter rules to hardware based on configured priority, or configure the provision mode for the access list, use the command access-list in Global Configuration Mode. The no form of the command deletes the IP access-list with a specified access-list number.

Parameter | Type | Description |
---|---|---|
<access list> | | Enter an access list number: a number from 1 to 65535. |
permit | | Permits access if conditions are matched |
deny | | Deny access if conditions are matched |
any | | Enter to permit or deny packets from all addresses |
host | | Permits or denies packets from the source |
<ucast_addr> | A.B.C.D | Enter unicast IP address of the source |
A.B.C.D <ucast_addr> | A.B.C.D | Enter unicast IP address of the destination |
<ip_mask> | A.B.C.D | Enter IP mask of the destination |
commit | | Specify to trigger provisioning of active filter rules to hardware based on configured priority. This command is applicable only when provision mode is consolidated. Traffic flow would be impacted when filter-rules are reprogrammed to hardware. |
provision mode | | Enter to specify provisioning mode |
consolidated | | Enter to specify consolidated provisioning mode. When the provision mode is set to consolidated, the active filter rules are programmed to the hardware based on configured priority only when a commit trigger is issued. |
immediate | | Enter to specify immediate provisioning mode. In the immediate mode, the active filter rules are programmed immediately in the order of creation. |

Global Configuration Mode
iS5Comm(config)# access-list 2 permit any
iS5Comm(config)# access-list provision mode consolidated
iS5Comm(config)# access-list commit
iS5Comm(config)# no access-list 2