host1(config-match-policy-list)#
■
Use the
no
version to delete the match policy list.
■
See ip match-policy-list.
Access Lists
An access list is a sequential collection of permit and deny conditions that you can
use to filter inbound or outbound routes. You can use different kinds of access lists
to filter routes based on either the prefix or the AS path.
Filtering Prefixes
To filter routes based on the prefix, you can do any of the following:
■
Define an access list with the
access-list
or
ipv6 access-list
command, and apply
the list to routes received from or passed to a neighbor with the
neighbor
distribute-list
command.
■
Define a prefix list with the
ip prefix-list
command, and apply the list to routes
received from or passed to a neighbor with the
neighbor prefix-list
command.
■
Define a prefix tree with the
ip prefix-tree
command, and apply the list to routes
received from or passed to a neighbor with the
neighbor prefix-tree
command.
The router compares each route's prefix against the conditions in the list or tree,
one-by-one. If the first match is for a permit condition, the route is accepted or
passed. If the first match is for a deny condition, the route is rejected or blocked.
The order of conditions is critical because testing stops with the first match. If no
conditions match, the router rejects or blocks the address; that is, the last action of
any list is an implicit deny condition for all routes. The implicit rule is displayed by
show access-list
and
show config
commands.
You cannot selectively place conditions in or remove conditions from an access list,
prefix list, or prefix tree. You can insert a new condition only at the end of a list or
tree.
Configuration Example 1
The following example shows how the implicit deny condition appears:
host1(config)#
access-list 1 permit 10.10.10.1 0.0.0.255
host1(config)#
access-list 2 permit 10.25.25.1 0.0.0.255
host1(config)#
access-list 3 permit any any
host1(config)#
show access-list
IP Access List 1:
permit ip 10.10.10.1 0.0.0.255 any
deny ip any any
IP Access List 2:
permit ip 10.25.25.1 0.0.0.255 any
deny ip any any
IP Access List 3:
Access Lists
■
21
Chapter 1: Configuring Routing Policy
Summary of Contents for IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Page 6: ...vi...
Page 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Page 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Page 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Page 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Page 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Page 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Page 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Page 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Page 357: ...Part 2 Index Index on page 333 Index 331...
Page 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...