Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

IPv4 Hardware Access Control List (ACL) Commands
Software Reference for x310 Series Switches
AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A
Usage
This command creates an access-list for use with hardware classification, such as when
applying QoS. This command can be used to match ICMP packets, IP protocols, or TCP/
UDP packets.
For ICMP packets, the <3000-3699> range IP hardware access-list will match any ICMP
packet that has the specified source and destination IP addresses and ICMP type.
You may apply the any parameter if the source or destination IP address is not important.
The ICMP type is an optional parameter.
Examples
Follow the below example commands to configure access-lists for ICMP, IP protocol and
TCP.
ICMP Example
To create an access-list that will permit ICMP packets with a source address of 192.168.1.0/24 with any destination address and an ICMP type of 5, enter the below commands:

awplus# configure terminal
awplus(config)# access-list 3000 permit icmp 192.168.1.0/24 any icmp-type 5

To destroy the access-list with an access-list identity of 3000, enter the below commands:

awplus# configure terminal
awplus(config)# no access-list 3000

IP Example
To create an access-list that will permit any type of IP packet with a source address of 192.168.1.1 and any destination address, enter the commands:

awplus# configure terminal
awplus(config)# access-list 3000 permit ip 192.168.1.1/32 any

To create an access-list that will deny all IGMP packets (IP protocol 2) from the 192.168.0.0 network, enter the commands:

awplus# configure terminal
awplus(config)# access-list 3000 deny proto 2 192.168.0.0/16 any

TCP Example
To create an access-list that will permit TCP packets with a destination address of 192.168.1.1, a destination port of 80 and any source address and source port, enter the commands:

awplus# configure terminal
awplus(config)# access-list 3000 permit tcp any 192.168.1.1/32 eq 80

Note
Hardware ACLs will permit access unless explicitly denied by an ACL action.
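
The following Python model is an added example, not part of the Allied Telesis manual. It parses the access-list forms shown on this page and evaluates sample packets to show the effect of the Note above: traffic that matches no entry is still forwarded. Assumptions: entries are checked in order with the first match winning, and the ACL numbers 3001 and 3002, the catch-all deny entry and all packets are constructed for illustration.

```python
import ipaddress

PROTO = {"icmp": 1, "tcp": 6, "ip": None}  # None = any IP protocol

def _net(tok):
    return ipaddress.ip_network("0.0.0.0/0" if tok == "any" else tok)

def parse_acl(line):
    """Parse the access-list forms shown on this page (not the full grammar)."""
    t = line.split()
    r = {"id": int(t[1]), "action": t[2], "icmp_type": None, "dport": None}
    if t[3] == "proto":                      # proto <number>
        r["proto"], i = int(t[4]), 5
    else:                                    # icmp | ip | tcp
        r["proto"], i = PROTO[t[3]], 4
    r["src"], r["dst"] = _net(t[i]), _net(t[i + 1])
    rest = t[i + 2:]
    if rest[:1] == ["icmp-type"]:
        r["icmp_type"] = int(rest[1])
    elif rest[:1] == ["eq"]:                 # destination port
        r["dport"] = int(rest[1])
    return r

def matches(r, pkt):
    return ((r["proto"] is None or r["proto"] == pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and (r["icmp_type"] is None or r["icmp_type"] == pkt.get("icmp_type"))
            and (r["dport"] is None or r["dport"] == pkt.get("dport")))

def evaluate(acl_lines, pkt):
    """Return (action, acl_id); acl_id is None when nothing matched."""
    for r in map(parse_acl, acl_lines):      # assumption: first match wins
        if matches(r, pkt):
            return r["action"], r["id"]
    return "permit", None                    # the Note: not denied means forwarded

# Constructed sample: ACL numbers 3001/3002 and all packets are illustrative.
ACLS = ["access-list 3000 permit tcp any 192.168.1.1/32 eq 80",
        "access-list 3001 deny proto 2 192.168.0.0/16 any"]
CATCH_ALL = "access-list 3002 deny ip any any"   # constructed from the page's syntax
SSH = {"proto": 6, "src": "10.0.0.5", "dst": "192.168.1.1", "dport": 22}
HTTP = dict(SSH, dport=80)
IGMP = {"proto": 2, "src": "192.168.5.5", "dst": "224.0.0.1"}

if __name__ == "__main__":
    for name, pkt in (("ssh", SSH), ("http", HTTP), ("igmp", IGMP)):
        print(name, evaluate(ACLS, pkt), evaluate(ACLS + [CATCH_ALL], pkt))
```

In this model the port 22 packet is forwarded even though only port 80 was explicitly permitted; it is dropped only once the constructed catch-all deny entry is appended.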