Allied Telesis AT-9000/28POE Switch User Manual

AT-9000 Switch Command Line User's Guide

The VLAN parameter determines whether the ACL filters on VLAN membership;
use it to specify the VID. You can specify one VID per command. If you
omit this parameter, the ACL applies to all traffic regardless of VLAN. In
other words, the ACL does no filtering based on the VLAN.
This example creates a deny access list to ports 5 and 6 so that they
discard all tagged ingress packets that contain protocol 17, a VID of 12,
and originate from the 152.12.45.0 subnet. The access list is assigned the
ID number 3011:

Table 128. Numbered IPv4 ACL with Protocol Example

Command | Description
awplus> enable | Enter the Privileged Executive mode from the User Executive mode.
awplus# configure terminal | Enter the Global Configuration mode.
awplus(config)# access-list 3011 deny proto 17 152.12.45.0/24 any vlan 12 | Create a Numbered IPv4 ACL with an ID of 3011 that denies protocol 17 packets with VLAN ID 12 from the 152.12.45.0/24 source subnet.

Numbered IPv4 ACL with TCP Port Packets Example

This is the command format for creating Numbered IPv4 ACLs that filter
packets from TCP ports based on source and destination IPv4 addresses:

access-list id_number action tcp src_ipaddress eq|lt|gt|ne|range src_tcp_port dst_ipaddress eq|lt|gt|ne|range dst_tcp_port [vlan vid]

The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.

The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:

permit— Forwards all ingress packets that match the ACL. Ports,
by default, accept all ingress packets. Consequently, a permit ACL
is only necessary when you want a port to forward a subset of
packets that are otherwise discarded.

deny— Discards all ingress packets that match the ACL.

copy-to-mirror— Copies all ingress packets that match the ACL to
the destination port of the mirror port. This action must be used
together with the port mirror feature, explained in Chapter 21, "Port
Mirror" on page 379.
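The following Python model is an added example, not Allied Telesis code and not the switch's own ACL implementation. It parses the two command forms shown in this section (proto and tcp, with the optional vlan clause) and checks constructed packets against them, so you can see how an omitted vlan parameter matches every VLAN, how the eq|lt|gt|ne|range operators evaluate, and how a packet that matches no criterion falls back to the port's default of forwarding. The ACL 3012 rule, the Packet fields and the "forward" default label are assumptions made for the example; only ACL 3011 comes from the guide.

```python
"""Model of the Numbered IPv4 ACL command syntax described in the guide.
Constructed example: parses 'proto' and 'tcp' forms and tests packets."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    """Ingress packet fields that the ACL forms on this page can test (constructed)."""
    proto: int                      # IP protocol number (6 = TCP, 17 = UDP)
    src: str                        # source IPv4 address
    dst: str                        # destination IPv4 address
    vid: Optional[int] = None       # 802.1Q VLAN ID; None for untagged
    src_port: Optional[int] = None  # TCP source port, if any
    dst_port: Optional[int] = None  # TCP destination port, if any


PORT_OPS = ("eq", "lt", "gt", "ne", "range")
ACTIONS = ("permit", "deny", "copy-to-mirror")


def _parse_addr(token):
    # "any" matches every address; otherwise a host or prefix in CIDR form
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def _parse_port_match(tokens, i):
    # eq|lt|gt|ne <port>  or  range <low> <high>; returns (spec, next index)
    op = tokens[i]
    if op not in PORT_OPS:
        raise ValueError(f"expected one of {PORT_OPS}, got {op!r}")
    if op == "range":
        return (op, (int(tokens[i + 1]), int(tokens[i + 2]))), i + 3
    return (op, int(tokens[i + 1])), i + 2


def parse_access_list(line):
    """Parse one 'access-list' command into a rule dict."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list":
        raise ValueError("not an access-list command")
    acl_id = int(t[1])
    if not 3000 <= acl_id <= 3699:          # range stated by the guide
        raise ValueError("numbered IPv4 ACL IDs are 3000-3699")
    action = t[2]
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    rule = {"id": acl_id, "action": action, "vid": None,
            "src_port": None, "dst_port": None}
    i = 3
    if t[i] == "proto":                      # proto N src dst
        rule["proto"] = int(t[i + 1])
        rule["src"] = _parse_addr(t[i + 2])
        rule["dst"] = _parse_addr(t[i + 3])
        i += 4
    elif t[i] == "tcp":                      # tcp src op port dst op port
        rule["proto"] = 6
        rule["src"] = _parse_addr(t[i + 1])
        rule["src_port"], i = _parse_port_match(t, i + 2)
        rule["dst"] = _parse_addr(t[i])
        rule["dst_port"], i = _parse_port_match(t, i + 1)
    else:
        raise ValueError(f"unsupported match type {t[i]!r}")
    # optional trailing "vlan <vid>"; omitted means no VLAN filtering at all
    if i < len(t):
        if t[i] != "vlan" or len(t) != i + 2:
            raise ValueError("trailing tokens must be 'vlan <vid>'")
        rule["vid"] = int(t[i + 1])
    return rule


def is_valid_command(line):
    """True when the command parses under the rules above."""
    try:
        parse_access_list(line)
        return True
    except (ValueError, IndexError):
        return False


def _port_ok(spec, port):
    if spec is None:            # no port criterion in this rule
        return True
    if port is None:            # rule tests a port the packet does not carry
        return False
    op, val = spec
    if op == "eq":
        return port == val
    if op == "ne":
        return port != val
    if op == "lt":
        return port < val
    if op == "gt":
        return port > val
    return val[0] <= port <= val[1]   # range low high, inclusive


def matches(rule, pkt):
    """True when every criterion of the rule is met by the packet."""
    if pkt.proto != rule["proto"]:
        return False
    if rule["src"] is not None and ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(pkt.dst) not in rule["dst"]:
        return False
    if rule["vid"] is not None and pkt.vid != rule["vid"]:
        return False
    return _port_ok(rule["src_port"], pkt.src_port) and _port_ok(rule["dst_port"], pkt.dst_port)


def disposition(rule, pkt):
    """The rule's action on a match; otherwise the port default, labelled 'forward'."""
    return rule["action"] if matches(rule, pkt) else "forward"


if __name__ == "__main__":
    acl = parse_access_list("access-list 3011 deny proto 17 152.12.45.0/24 any vlan 12")
    print(disposition(acl, Packet(17, "152.12.45.7", "10.0.0.1", vid=12)))  # deny
    print(disposition(acl, Packet(17, "152.12.45.7", "10.0.0.1", vid=13)))  # forward
```

The model evaluates one ACL at a time; how the switch orders several ACLs on the same port is not covered by this section, so the example deliberately does not guess at it.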