
User Guide for the Avaya P580 and P882 Multiservice Switches, v6.1

Chapter 25

Setting Up a Default ACL Rule

CLI Command

Use the any keyword in the access-list command to set up a default ACL
rule. The rule is applied to all packets on the switch that do not match
any other ACL rule. The command syntax is:

(configure)# access-list {permit [{use-priority | use-diffserv [mask] |
    remark-diffserv [mask] | use-l2}] | fwd1 | fwd2 | fwd3 | fwd4 | fwd5 |
    fwd6 | fwd7 | fwd8} any

The default ACL rule must have the highest index in the ACL. To ensure
that the switch never applies the default ACL rule to traffic that matches
other ACL rules, Avaya recommends that you use an index of 512 for the
default ACL rule.

For more information about how default ACL rules work, see “Classifying
Traffic by Layer 3 or Layer 4 Characteristics” earlier in this chapter.
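An added example, not taken from the Avaya manual: a Python audit that reads access-list lines and reports any ACL whose default rule is not at the highest index or not at the recommended index of 512. It assumes the default rule carries the same "access-list <name> <index>" prefix as the rules in Table 25-16; the ACL name Misordered and the two "any" rules in the sample are constructed.

```python
import re
from collections import defaultdict

# Action keywords from the default-rule syntax printed on this page.
ACTION_WORDS = {"permit", "use-priority", "use-diffserv", "remark-diffserv",
                "use-l2", "mask"} | {f"fwd{n}" for n in range(1, 9)}
RECOMMENDED_INDEX = 512  # index Avaya recommends for the default rule
# Assumption: every rule begins "access-list <name> <index>", as in Table 25-16.
RULE_RE = re.compile(r"^access-list\s+(\S+)\s+(\d+)\s+(.+)$")

# Constructed sample: two rules from Table 25-16 plus constructed default rules.
SAMPLE = """\
access-list MyAccessList2 9 permit use-diffserv mask udp host 7.7.7.7 host 8.8.8.8 range 33 44
access-list MyAccessList2 10 permit use-priority 7 tcp host 9.9.9.9 host 3.3.3.3 range 55 66 established
access-list MyAccessList2 512 permit any
access-list Misordered 5 fwd1 any
access-list Misordered 20 permit use-priority 7 tcp host 9.9.9.9 host 3.3.3.3 range 55 66 established
"""

def parse_rules(config_text):
    """Return {acl_name: [(index, is_default), ...]} for access-list lines."""
    acls = defaultdict(list)
    for raw in config_text.splitlines():
        if not (m := RULE_RE.match(" ".join(raw.split()))):
            continue
        rest = m.group(3).split()
        # Default rule: action keywords only, then the single keyword "any".
        is_default = (len(rest) >= 2 and rest[-1] == "any"
                      and all(tok in ACTION_WORDS for tok in rest[:-1]))
        acls[m.group(1)].append((int(m.group(2)), is_default))
    return acls

def audit_default_rules(config_text):
    """Return (acl_name, finding) tuples about default-rule placement."""
    findings = []
    for name, rules in parse_rules(config_text).items():
        defaults = sorted(i for i, is_def in rules if is_def)
        if not defaults:
            findings.append((name, "no default rule defined"))
            continue
        d = defaults[0]
        higher = sorted(i for i, is_def in rules if not is_def and i > d)
        if higher:
            findings.append((name, f"default rule {d} is below rule(s) {higher}"))
        if d != RECOMMENDED_INDEX:
            findings.append((name, f"default rule {d} is not at index {RECOMMENDED_INDEX}"))
    return findings

if __name__ == "__main__":
    print(*audit_default_rules(SAMPLE), sep="\n")
```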

Table 25-16. Examples: Extended ACL Rules (3 of 3)

To...
• Use the DSCP to classify all UDP traffic that has a:
  — Source IP address of 7.7.7.7
  — Destination IP address of 8.8.8.8
  — Destination port between 33 and 44
• Mask the three least significant bits of the DSCP

Enter...
access-list MyAccessList2 9 permit use-diffserv mask udp host 7.7.7.7
host 8.8.8.8 range 33 44

To...
• Assign a priority of 7 to all TCP traffic that has a:
  — Source IP address of 9.9.9.9
  — Destination IP address of 3.3.3.3
  — Destination port between 55 and 66
• Permit TCP connections that meet these criteria

Enter...
access-list MyAccessList2 10 permit use-priority 7 tcp host 9.9.9.9
host 3.3.3.3 range 55 66 established
