beautypg.com

Step 1: create access lists, Step 2: create class-maps, Step 3: apply access-groups to class-maps – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 837: Step 4: create policy-maps, Step 5: associate class-maps with policy-maps

background image

Access Control Lists Introduction

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

33.13

Step 1:

Create access lists

Create ACL 4000 to deny all packets with any source or destination address:

Step 2:

Create class-maps

Create the class-map cmap1 and configure it to match on the TCP flags, ack and syn:

Create the class-map cmap2 and configure it to match on the TCP flag, syn:

Step 3:

Apply access-groups to class-maps

Apply ACL 4000 to this class-map (i.e. to cmap2):

Step 4:

Create policy-maps

Create the policy-map pmap1 and associate it with cmap1:

Step 5:

Associate class-maps with policy-maps

Associate cmap2 with this policy-map (pmap1):

awplus#

configure terminal

awplus(config)#

access-list 4000 deny any any

awplus(config)#

class-map cmap1

awplus(config-cmap)#

match tcp-flags ack syn

awplus(config-cmap)#

exit

awplus(config)#

class-map cmap2

awplus(config-cmap)#

match tcp-flags syn

awplus(config-cmap)#

match access-group 4000

awplus(config-cmap)#

exit

awplus(config)#

policy-map pmap1

awplus(config-pmap)#

class cmap1

awplus(config-pmap-c)#

exit

awplus(config-pmap)#

class cmap2

awplus(config-pmap-c)#

exit

See also other documents in the category Allied Telesis Computer hardware: