This is the documentation for the 20.02 version. Looking for the documentation of the latest version? Have a look here.
Dynamic Routing Access Lists¶
Access List entries determine if networks are allowed or denied in specific contexts used in various routing daemons. For example, an access list may be used to determine if a route is accepted or rejected, or for limiting routes distributed to neighbors.
The order of entries inside access lists is important, and this order is determined by a sequence number.
Access List Configuration¶
To create a new access list, use the
route dynamic access-list <name>
command, which enters
tnsr(config)# route dynamic access-list myacl tnsr(config-access-list)#
config-access-list mode contains the following commands:
- remark <text>
A text comment to describe this access list.
- sequence <sequence-number> (permit|deny) <ip-prefix>
Creates a new rule with the specified sequence number to
denya given prefix.
- sequence <sequence-number>
The sequence number for this rule, which controls the order in which rules are matched inside this access list. Each rule in an access list must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use
30, rather than
The action to take for this rule, either
The IP prefix to match for this rule, given in network/prefix notation. For example,
Access List Example¶
For example, the following ACL would deny
192.168.0.0/16 but permit all
tnsr(config)# route dynamic access-list myacl tnsr(config-access-list)# sequence 10 deny 192.168.0.0/16 tnsr(config-access-list)# sequence 20 permit 0.0.0.0/0 tnsr(config-access-list)# exit tnsr(config)#
This access list would then be used in another context, such as with a route
map, to match routes for anything except
192.168.0.0/16 when taking other
Access List Status¶
To view access lists, use the
show route dynamic access-list [name] command.
Add the name of an access list to restrict the output to a single access list.
tnsr# show route dynamic access-list Access List: myacl Remark: Seq Action Prefix --- ------ -------------- 10 deny 192.168.0.0/16 20 permit 0.0.0.0/0