Allied Telesis AT-9000/12POE Switch User Manual


Chapter 73: Advanced Access Control Lists (ACLs)
Here is an example of an ACL that filters tagged packets. See Table 126.
It blocks all tagged packets with the VID 14 from ports 5 and 6. The ACL is
assigned an ID number of 3122:
Numbered IPv4 ACL with ICMP Packets Example
This is the command format for creating Numbered IPv4 ACLs that filter
ICMP packets based on source and destination IPv4 addresses:
access-list id_number action icmp src_ipaddress dst_ipaddress [vlan vid]
The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.
The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:
permit— Forwards all ingress packets that match the ACL. Ports,
by default, accept all ingress packets. Consequently, a permit ACL
Table 126. ACL Filters Tagged IPv4 Packets Example

| Command | Description |
|---|---|
| awplus> enable | Enter the Privileged Executive mode from the User Executive mode. |
| awplus# configure terminal | Enter the Global Configuration mode. |
| awplus(config)# access-list 3122 deny ip any any vlan 14 | Create the deny ACL with the ACCESS-LIST IP command. |
| awplus(config)# interface port1.0.5,port1.0.6 | Move to the Port Interface mode for ports 5 and 6. |
| awplus(config_if)# access-group 3122 | Apply the ACL to the port with the ACCESS-GROUP command. |
| awplus(config_if)# end | Return to the Privileged Exec mode. |
| awplus# show access-list | Confirm the configuration of the ACL. |
| awplus# show interface port1.0.5,port1.0.6 access-group | Confirm that the ACL has been added to the port. |
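
The procedure in Table 126 has two halves: creating the ACL and binding it to ports with ACCESS-GROUP. The following offline audit is an added example, not part of the manual or of Allied Telesis software. It assumes a saved configuration is available as text whose lines mirror the commands as typed in Table 126, and it flags numbered IPv4 ACLs whose ID falls outside 3000 to 3699, ACLs that are defined but never applied, and access-group bindings that name an undefined ACL. The sample configuration and the `audit` function name are constructed for illustration.

```python
import re

ID_MIN, ID_MAX = 3000, 3699  # numbered IPv4 ACL ID range given in the manual

# Constructed sample configuration (not taken from a device): ACL 3122 from
# Table 126, plus three deliberately faulty entries for the audit to catch.
# Assumption: saved configuration lines mirror the commands as typed.
SAMPLE_CONFIG = """\
access-list 3122 deny ip any any vlan 14
access-list 3200 deny icmp any any
access-list 3750 permit icmp any any
interface port1.0.5,port1.0.6
 access-group 3122
interface port1.0.7
 access-group 3300
 access-group 3750
"""

# Only the ip and icmp forms shown on this page are recognised.
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+\S+\s+(?:ip|icmp)\b")
GROUP_RE = re.compile(r"^access-group\s+(\d+)$")
IFACE_RE = re.compile(r"^interface\s+(.+)$")


def audit(config):
    """Return (acl_id, problem) tuples for a configuration given as text."""
    defined, applied, findings = set(), {}, []
    ports = ""
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE_RE.match(line):
            ports = m.group(1)  # remember the current port context
        elif m := ACL_RE.match(line):
            acl_id = int(m.group(1))
            defined.add(acl_id)
            if not ID_MIN <= acl_id <= ID_MAX:
                findings.append((acl_id, f"ID outside {ID_MIN}-{ID_MAX}"))
        elif m := GROUP_RE.match(line):
            applied.setdefault(int(m.group(1)), []).append(ports)
    # Ports accept all ingress packets by default, so a deny ACL that is
    # never bound with ACCESS-GROUP filters nothing.
    for acl_id in sorted(defined - set(applied)):
        findings.append((acl_id, "defined but not applied to any port"))
    for acl_id in sorted(set(applied) - defined):
        where = ",".join(applied[acl_id])
        findings.append((acl_id, f"applied on {where} but not defined"))
    return findings


if __name__ == "__main__":
    for acl_id, problem in audit(SAMPLE_CONFIG):
        print(f"ACL {acl_id}: {problem}")
```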