permit (ex3500-std acl)
Creates a permit rule that allows
packets from a specified source or sources. The source can be a single device or a range of
devices within a specified network. Use this command to also edit an existing permit
rule.
Supported in the following platforms:
- Service Platforms — NX5500, NX7500,
NX9500, NX9600, VX9000
Syntax
permit [<SOURCE-NETWORK-IP/MASK>|any|host <SOURCE-HOST-IP>]
{ex3500-time-range <TIME-RANGE-NAME>}
Parameters
permit [<SOURCE-NETWORK-IP/MASK>|any|host <SOURCE-HOST-IP>]
{ex3500-time-range <TIME-RANGE-NAME>}
| permit [<SOURCE-NETWORK-IP/MASK>| any| host
<SOURCE-HOST-IP>] |
Creates a permit rule that allows packets from a specified source or a network.
Use one of the following options to specify the source: any, host, or network.
- <SOURCE-NETWORK-IP/MASK>
– Configures a network as the source. Provide the network‘s IPv4 address along
with the mask.
- host <SOURCE-HOST-IP> –
Configures a single device as the source. Provide the host device‘s IPv4
address.
- any – Specifies that the source
can be any device
|
| ex3500-time-range <TIME-RANGE-NAME> |
Optional. Applies a periodic or absolute time range to this permit rule
- <TIME-RANGE-NAME> –
Specify the time range name (should be existing and configured). The ACL is
triggered during the time period configured in the specified EX3500 time range. For information on configuring EX3500 time-range, see ex3500 .
|
Examples
nx9500-6C8809(config-ip-ex3500-std-acl-test)#permit host 192.168.13.13 ex3500-time-range EX3500_TimeRange_01
nx9500-6C8809(config-ip-ex3500-std-acl-test)#show contextnx9500-6C8809(config-ip-ex3500-std-acl-test)#show context
ip ex3500-std-access-list test
deny 192.168.14.0/24
permit host 192.168.13.13 ex3500-time-range EX3500_TimeRange_01
nx9500-6C8809(config-ip-ex3500-std-acl-test)#
nx9500-6C8809(config-ip-ex3500-std-acl-test)#
