
Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


IPv4 Hardware Access Control List (ACL) Commands

Software Reference for x310 Series Switches


AlliedWare Plus™ Operating System - Version 5.4.4C

C613-50046-01 REV A

Usage

This command creates an access-list for use with hardware classification, such as when
applying QoS. This command can be used to match ICMP packets, IP protocols, or TCP/UDP
packets.

For ICMP packets, the <3000-3699> range IP hardware access-list will match any ICMP
packet that has the specified source and destination IP addresses and ICMP type.

You may apply the any parameter if the source or destination IP address is not important.
The ICMP type is an optional parameter.

Examples

Use the example commands below to configure access-lists for ICMP, IP protocol and TCP.

ICMP Example

To create an access-list that will permit ICMP packets with a source address of 192.168.1.0/24 with any destination address and an ICMP type of 5 enter the below commands:

awplus# configure terminal
awplus(config)# access-list 3000 permit icmp 192.168.1.0/24 any icmp-type 5

To destroy the access-list with an access-list identity of 3000 enter the below commands:

awplus# configure terminal
awplus(config)# no access-list 3000

IP Example

To create an access-list that will permit any type of IP packet with a source address of 192.168.1.1 and any destination address, enter the commands:

awplus# configure terminal
awplus(config)# access-list 3000 permit ip 192.168.1.1/32 any

To create an access-list that will deny all IGMP packets (IP protocol 2) from the 192.168.0.0 network, enter the commands:

awplus# configure terminal
awplus(config)# access-list 3000 deny proto 2 192.168.0.0/16 any

TCP Example

To create an access-list that will permit TCP packets with a destination address of 192.168.1.1, a destination port of 80 and any source address and source port, enter the commands:

awplus# configure terminal
awplus(config)# access-list 3000 permit tcp any 192.168.1.1/32 eq 80

Note

Hardware ACLs will permit access unless explicitly denied by an ACL action.
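
The Note's default-permit behaviour, modelled as an added example (not code from the manual or from Allied Telesis): a Python parser for the command forms shown on this page, used to check which sample packets a set of ACLs lets through. It assumes the first matching ACL decides and handles only the `eq` port operator; the ACL numbers 3001 and 3002, the `deny ip any any` line and the sample packets are constructed for illustration.

```python
import ipaddress

PROTO = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}  # None = any IP protocol
def _net(tok):
    return None if tok == "any" else ipaddress.ip_network(tok)

def parse_acl(line):
    """Parse one hardware ACL line of the forms shown on this page (eq only)."""
    t = line.split()
    if t[0] != "access-list" or not 3000 <= int(t[1]) <= 3699:
        raise ValueError("not a 3000-3699 hardware access-list: " + line)
    r = {"action": t[2], "sport": None, "dport": None, "icmp_type": None}
    if t[3] == "proto":                      # 'proto <n>' = IP protocol number
        r["proto"], i = int(t[4]), 5
    else:
        r["proto"], i = PROTO[t[3]], 4
    r["src"] = _net(t[i]); i += 1
    if t[i] == "eq":                         # optional source port
        r["sport"] = int(t[i + 1]); i += 2
    r["dst"] = _net(t[i]); i += 1
    opts = {"eq": "dport", "icmp-type": "icmp_type"}
    while i < len(t):                        # optional destination port / ICMP type
        r[opts[t[i]]] = int(t[i + 1]); i += 2
    return r

def matches(r, p):
    if r["proto"] is not None and r["proto"] != p["proto"]:
        return False
    if r["src"] is not None and ipaddress.ip_address(p["src"]) not in r["src"]:
        return False
    if r["dst"] is not None and ipaddress.ip_address(p["dst"]) not in r["dst"]:
        return False
    return all(r[k] is None or r[k] == p.get(k)
               for k in ("sport", "dport", "icmp_type"))

def decide(acls, pkt):
    """First matching ACL decides (assumed); no match means permit, per the Note."""
    for r in map(parse_acl, acls):
        if matches(r, pkt):
            return r["action"]
    return "permit"

# Constructed policy: the page's TCP and IGMP lines, renumbered so both can coexist.
ACLS = ["access-list 3000 permit tcp any 192.168.1.1/32 eq 80",
        "access-list 3001 deny proto 2 192.168.0.0/16 any"]
CATCH_ALL = "access-list 3002 deny ip any any"   # constructed explicit deny
WEB = {"proto": 6, "src": "10.0.0.9", "dst": "192.168.1.1", "dport": 80}
SSH = dict(WEB, dport=22)                        # same flow, port 22
IGMP = {"proto": 2, "src": "192.168.5.5", "dst": "224.0.0.1"}
```

With only the two page-derived ACLs, `decide(ACLS, SSH)` returns `permit` because nothing matched; appending `CATCH_ALL` turns that into `deny` while port 80 stays permitted.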