
ip access-list extended

ip access-list extended <accname>

deny <protocol> <source> <dest>

ipv6 <protocol> <source> <dest>

no ...

permit <protocol> <source> <dest>

Description

This command configures an extended ACL (Access Control List). To configure IPv6 specific rules, use the ipv6 keyword for each rule.

Syntax

Parameter: extended <accname>
Description: Define an access list, where <accname> is a name, or a number in the specified range.
Range: 100-199, 2000-2699

Parameter: deny
Description: Reject the specified packets.

    <protocol>
    Protocol, which can be one of the following:
        any: any protocol
        icmp: Internet Control Message Protocol
        igmp: Internet Gateway Message Protocol
        tcp: Transmission Control Protocol
        udp: User Datagram Protocol
        <0-255>: An IP protocol number between 0-255

    <source>
    Source, which can be one of the following:
        any: any source
        host: specify a single host IP address
        A.B.C.D: IPv4 source address and wildcard

    <dest>
    Destination, which can be one of the following:
        any: any destination
        host: specify a single host IP address
        A.B.C.D: IPv4 destination address and wildcard

Parameter: ipv6 <deny | permit>
Description: Use the ipv6 keyword to add IPv6 specific rules.

    <protocol>
    Protocol, which can be one of the following:
        any: any protocol
        icmpv6: Internet Control Message Protocol
        tcp: Transmission Control Protocol
        udp: User Datagram Protocol
        <0-255>: An IP protocol number between 0-255

    <source>
    Source, which can be one of the following:
        any: any source
        host: specify a single host IP address
        X:X:X:X::X/<0-128>: IPv6 source address and wildcard

    <dest>
    Destination, which can be one of the following:
        any: any destination
        host: specify a single host IP address
        X:X:X:X::X/<0-128>: IPv6 destination address and wildcard

Parameter: no
Description: Negates any configured parameter.

Parameter: permit
Description: Allow the specified packets.

    <protocol>
    Protocol, which can be one of the following:
        any: any protocol
        icmp: Internet Control Message Protocol
        igmp: Internet Gateway Message Protocol
        tcp: Transmission Control Protocol
        udp: User Datagram Protocol
        <0-255>: An IP protocol number between 0-255

    <source>
    Source, which can be one of the following:
        any: any source
        host: specify a single host IP address
        A.B.C.D: IPv4 source address and wildcard

    <dest>
    Destination, which can be one of the following:
        any: any destination
        host: specify a single host IP address
        A.B.C.D: IPv4 destination address and wildcard

Usage Guidelines

Extended ACLs are supported for compatibility with router software from other vendors. This ACL permits or denies traffic based on the source or destination IP address or IP protocol.

Example

The following command configures an extended ACL:

(host) [mynode] (config) #ip access-list extended 100

(host) [mynode] (config-submode) #deny any host 1.1.21.245 any
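
A checker for rule lines in the syntax described above, as an added example (not ArubaOS or Aruba code) that can be run over a configuration before it is pushed. It accepts only the keywords and address forms listed on this page; the function names, the sample rules other than the first, and reading a bare IPv6 address as /128 are assumptions.

```python
import ipaddress

PROTOS = {False: {"any", "icmp", "igmp", "tcp", "udp"},  # deny / permit rules
          True: {"any", "icmpv6", "tcp", "udp"}}         # ipv6 deny / permit rules

def take_addr(tokens, v6):
    """Consume one <source> or <dest> from the token list and normalize it."""
    head = tokens.pop(0)
    if head == "any":
        return "any"
    if head == "host":
        addr = ipaddress.ip_address(tokens.pop(0))
        if (addr.version == 6) != v6:
            raise ValueError(f"{addr} is the wrong address family for this rule")
        return f"host {addr}"
    if v6:  # X:X:X:X::X/<0-128>; assumption: a bare address is read as /128
        return str(ipaddress.IPv6Interface(head))
    return f"{ipaddress.IPv4Address(head)} {ipaddress.IPv4Address(tokens.pop(0))}"

def parse_rule(line):
    """Parse one rule line into a dict; raise ValueError if it breaks the syntax."""
    v6 = line.split()[:1] == ["ipv6"]
    rest = line.split()[int(v6):]  # drop the leading ipv6 keyword if present
    try:
        action, proto = rest.pop(0), rest.pop(0)
        src, dst = take_addr(rest, v6), take_addr(rest, v6)
    except IndexError:
        raise ValueError("rule is missing a field") from None
    if action not in ("permit", "deny") or rest:
        raise ValueError("expected [ipv6] permit|deny <protocol> <source> <dest>")
    if proto not in PROTOS[v6] and not (proto.isdecimal() and int(proto) <= 255):
        raise ValueError(f"protocol {proto!r} is not valid for this rule type")
    return {"ipv6": v6, "action": action, "protocol": proto, "source": src, "dest": dst}

def lint(rules_text):
    """Return [(line_number, message)] for rule lines that fail to parse."""
    problems = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        try:
            parse_rule(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
    return problems

# Constructed rule lines; only the first one comes from the page's example.
SAMPLE = """deny any host 1.1.21.245 any
permit tcp 10.1.0.0 0.0.255.255 any
ipv6 permit icmpv6 any 2001:db8::/32
deny icmpv6 any any
ipv6 deny tcp host 10.0.0.1 any"""
```

`lint(SAMPLE)` reports rules 4 and 5: icmpv6 used in an IPv4 rule, and an IPv4 host address inside an ipv6 rule.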

Command History

Release: ArubaOS 8.0.0.0
Modification: Command introduced.

Command Information

Platform: All platforms
License: Requires the PEFNG (Policy Enforcement Firewall) license.
Command Mode: Config mode on Mobility Master.
