Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

IPv4 Hardware Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

34.23

Usage

First create a named hardware access-list that applies the appropriate permit, deny
requirements etc. Then use the

access-group command on page 34.4

to apply this

access-list to a specific port or range. Note that this command will apply the access-list
only to incoming data packets.

An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 10 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the middle of an
existing list by specifying the appropriate sequence number.

Examples

To add an access-list filter entry with a sequence number of 100 to the access-list named
my-list

that will permit ICMP packets with a source address of 192.168.1.0/24, any

destination address and an icmp type of 5, use the commands:

To remove an access-list filter entry with a sequence number of 100 in the access-list
named my-list, use the commands:

Related Commands

access-list hardware (named)
show running-config
show access-list (IPv4 Hardware ACLs)

Note

You must reach the prompt

awplus(config-ip-hw-acl)#

by running the

access-list hardware (named) command on page 34.19

, and entering an

appropriate access-list name.

Note

Hardware ACLs will permit access unless explicitly denied by an ACL action.

awplus#

configure terminal

awplus(config)#

access-list hardware my-list

awplus(config-ip-hw-acl)#

100 permit icmp 192.168.1.0/24 any
icmp-type 5

awplus#

configure terminal

awplus(config)#

access-list hardware my-list

awplus(config-ip-hw-acl)#

no 100