Syntax:
Standard Access List #>entry <id> deny
Example:
Standard Access List 1>entry 3 deny
Standard Access List 1>
2.4.2.4 ENTRY <id> SOURCE
Establishes the IP parameters sentence in the message ‘source’ addressing.
Syntax:
Standard Access List #>entry <id> source <parameter> [options]
The following options can be introduced in the IP source sentence.
Standard Access List #>entry <id> source ?
address
IP address and mask of the source subnet
2.4.2.4.1 ENTRY <id> SOURCE ADDRESS
Establishes the source IP address sentence. A mask is used to indicate the selected range of addresses. This ad-
dress may not be numbered, meaning you can enter an address associated to an interface that is unknown when
configuring the device (assigned by a different mechanism, such as PPP).
In cases where you want to specify a range of addresses you can, for practical reasons, take two types of masks into
consideration:
Standard subset mask: This corresponds to the masks normally used to define subnets. E.g. 255.255.255.0 (which is
equivalent to a /24 subnet).
Wildcard mask: This can be considered as a generalization of the previous type. Through a wildcard mask you can
delimit, more specifically, the address groups checked with the entry. To do this, the active bits in the wildcard mask
indicate
the exact position of the address bit that must be checked
by the entry. Please check the double examples
in the following table to better understand these concepts.
Address
Wildcard mask
Matching entry
172.24.0.127
255.255.0.255
Matches source addresses 172.24.x.127 regardless of the value of x.
(E.g. 172.24.12.127)
0.0.0.67
0.0.0.255
Matches source addresses x.x.x.67, regardless of the x values. (E.g.
10.150.130.67)
0.0.130.0
0.0.254.0
Matches source addresses x.x.130.x and x.x.131.x, regardless of the
x values. (E.g. 18.102.130.2, 192.168.131.125)
192.0.125.0
255.0.253.0
Matches source addresses 192.x.125.x and 192.x.127.x, regardless
of the x values. (E.g. 192.142.125.8, 192.3.127.135)
192.0.125.0
254.0.253.0
Matches source addresses 192.x.125.x, 193.x.125.x, 192.x.127.x
and 193.x.127.x, regardless of the x values. (E.g. 192.222.125.44,
193.111.127.201)
So the user better understands the concepts associated to wildcard configuration,
the positions of the mask bits
whose values are 0, must also be 0 in the address.
Otherwise, the device will issue an error message and suggest
an address that adapts to the mask provided. The user must check whether this address matches the required con-
figuration.
For example, if you try to enter address 172.24.155.130 in the command with mask 255.255.254.255, the device will
issue an error message. This is because the last bit in the mask's third octet (254) does not match the one in the ad-
dress (155). In this case, the device will suggest address 172.24.154.130.
When configuring an IP address, you must enter the IP address and the mask. When configuring an interface, you
must enter its number.
Syntax:
a) IP Address
Standard Access List #>entry <id> source address <address> <mask>
b) Interface
bintec elmeg
2 Configuration
Access Control
9
