Allied Telesis AT-9000/28POE Switch User Manual
AT-9000 Switch Command Line User's Guide, page 1179
The following example configures two Numbered IPv4 ACLs. ACL 3017 permits packets from TCP ports 67 to 87 on IPv4 addresses 154.11.234.0/24 to 154.11.235.0/24. ACL 3005 denies packets from TCP ports 67 through 87 to any IPv4 address. This example requires a permit ACL because the permitted traffic is a subset of all TCP packets on the port:

Table 129. Numbered IPv4 ACL with TCP Port Packets Example

Command / Description

awplus> enable
    Enter the Privileged Executive mode from the User Executive mode.

awplus# configure terminal
    Enter the Global Configuration mode.

awplus(config)# access-list 3017 permit tcp 154.11.234.0/24 range 67 87 154.11.235.0/24 range 67 87
    Define ACL 3017 to permit packets from TCP ports 67 to 87 on IPv4 addresses 154.11.234.0/24 to 154.11.235.0/24.

awplus(config)# access-list 3005 deny tcp any any range 67 87
    Define ACL 3005 to deny packets from TCP ports 67 through 87 to any IPv4 address.

awplus(config)# interface port1.0.21
    Move to the Port Interface mode for port 21.

awplus(config_if)# access-group 3017
    Apply ACL 3017 to the port with the ACCESS-GROUP command.

awplus(config_if)# access-group 3005
    Apply ACL 3005 to the port with the ACCESS-GROUP command.

Numbered IPv4 ACL with UDP Port Packets Example

access-list id_number action udp src_ipaddress eq|lt|gt|ne|range src_udp_port dst_ipaddress eq|lt|gt|ne|range dst_udp_port vlan vid

The ID_NUMBER parameter assigns the ACL a unique ID number in the range of 3000 to 3699. Within this range, you can number ACLs in any order.

The ACTION parameter specifies the action that the port performs on packets matching the filtering criteria of the ACL. Here are the possible actions:

permit - Forwards all ingress packets that match the ACL. Ports, by default, accept all ingress packets. Consequently, a permit ACL is only necessary when you want a port to forward a subset of packets that are otherwise discarded.

deny - Discards all ingress packets that match the ACL.

copy-to-mirror - Copies all ingress packets that match the ACL to the destination port of the mirror port. This action must be used
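The ACL syntax on this page and the "permit a subset, deny the rest" logic of Table 129, modelled in Python as an added example (this is not code from the manual or from Allied Telesis). The parser accepts access-list lines in the form shown above for both TCP and UDP, including the optional port operator and vlan qualifier, and then evaluates constructed sample packets against the two ACLs applied to port1.0.21. The packet dictionary layout, the evaluation of ACLs in the order they were applied with ACCESS-GROUP with the first match deciding, the default of forwarding when no ACL matches, and the treatment of copy-to-mirror as "forward and mirror" are modelling assumptions; the page does not document the switch's internal ACL ordering.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Port operators and actions exactly as listed in the manual's syntax.
PORT_OPERATORS = {"eq", "lt", "gt", "ne", "range"}
ACTIONS = {"permit", "deny", "copy-to-mirror"}


@dataclass
class PortSpec:
    op: str
    lo: int
    hi: Optional[int] = None  # only used by "range" (inclusive)

    def matches(self, port: int) -> bool:
        if self.op == "eq":
            return port == self.lo
        if self.op == "ne":
            return port != self.lo
        if self.op == "lt":
            return port < self.lo
        if self.op == "gt":
            return port > self.lo
        return self.lo <= port <= self.hi


@dataclass
class NumberedAcl:
    id_number: int
    action: str
    proto: str                               # "tcp" or "udp"
    src: Optional[ipaddress.IPv4Network]     # None means "any"
    src_port: Optional[PortSpec]             # None means no source port test
    dst: Optional[ipaddress.IPv4Network]
    dst_port: Optional[PortSpec]
    vid: Optional[int]                       # optional "vlan vid" qualifier


def _addr(token: str) -> Optional[ipaddress.IPv4Network]:
    return None if token == "any" else ipaddress.IPv4Network(token, strict=False)


def _port_spec(t: List[str], i: int):
    """Parse an optional 'op port [port]' at t[i]; return (spec or None, next index)."""
    if i >= len(t) or t[i] not in PORT_OPERATORS:
        return None, i
    if t[i] == "range":
        return PortSpec("range", int(t[i + 1]), int(t[i + 2])), i + 3
    return PortSpec(t[i], int(t[i + 1])), i + 2


def parse_access_list(line: str) -> NumberedAcl:
    """Parse 'access-list ID ACTION tcp|udp SRC [op port] DST [op port] [vlan VID]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        raise ValueError("not an access-list command: %r" % line)
    id_number = int(t[1])
    if not 3000 <= id_number <= 3699:        # Numbered IPv4 ACL range from the manual
        raise ValueError("numbered IPv4 ACL id must be 3000-3699: %d" % id_number)
    action, proto = t[2], t[3]
    if action not in ACTIONS or proto not in ("tcp", "udp"):
        raise ValueError("bad action or protocol in: %r" % line)
    try:
        i = 4
        src, i = _addr(t[i]), i + 1
        src_port, i = _port_spec(t, i)
        dst, i = _addr(t[i]), i + 1
        dst_port, i = _port_spec(t, i)
        vid = None
        if i < len(t) and t[i] == "vlan":
            vid, i = int(t[i + 1]), i + 2
    except IndexError:
        raise ValueError("truncated access-list command: %r" % line)
    if i != len(t):
        raise ValueError("unexpected trailing tokens: %s" % " ".join(t[i:]))
    return NumberedAcl(id_number, action, proto, src, src_port, dst, dst_port, vid)


def acl_matches(acl: NumberedAcl, pkt: dict) -> bool:
    """True when the ingress packet satisfies every criterion the ACL specifies."""
    if pkt["proto"] != acl.proto:
        return False
    if acl.src is not None and ipaddress.IPv4Address(pkt["src"]) not in acl.src:
        return False
    if acl.dst is not None and ipaddress.IPv4Address(pkt["dst"]) not in acl.dst:
        return False
    if acl.src_port is not None and not acl.src_port.matches(pkt["sport"]):
        return False
    if acl.dst_port is not None and not acl.dst_port.matches(pkt["dport"]):
        return False
    return acl.vid is None or pkt.get("vid") == acl.vid


def port_decision(acls: List[NumberedAcl], pkt: dict) -> str:
    """Modelling assumption: ACLs are checked in the order applied to the port and the
    first match decides; with no match the packet is forwarded (ports accept by default)."""
    for acl in acls:
        if acl_matches(acl, pkt):
            return {"permit": "forward", "deny": "discard"}.get(acl.action, "forward+mirror")
    return "forward"


# The two ACLs of Table 129, in the order Table 129 applies them to port1.0.21.
PORT_21_ACLS = [parse_access_list(cmd) for cmd in (
    "access-list 3017 permit tcp 154.11.234.0/24 range 67 87 154.11.235.0/24 range 67 87",
    "access-list 3005 deny tcp any any range 67 87",
)]

# Constructed sample ingress packets (not from the manual).
SAMPLE_PACKETS = [
    dict(proto="tcp", src="154.11.234.10", dst="154.11.235.20", sport=80, dport=70),   # permitted subset
    dict(proto="tcp", src="10.0.0.1", dst="154.11.235.20", sport=80, dport=70),        # other source: denied
    dict(proto="tcp", src="154.11.234.10", dst="154.11.235.20", sport=80, dport=443),  # port outside 67-87
    dict(proto="udp", src="10.0.0.1", dst="154.11.235.20", sport=80, dport=70),        # UDP: no TCP ACL matches
]


def evaluate_samples() -> List[str]:
    return [port_decision(PORT_21_ACLS, p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, evaluate_samples()):
        print(pkt, "->", decision)
```

The third and fourth packets show why the deny ACL is needed at all: without ACL 3005, traffic on ports 67 to 87 from any other source would also be forwarded, because the port accepts everything by default and the permit ACL only names the subset that must survive the deny.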