Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 881
IPv4 Hardware Access Control List (ACL) Commands
Software Reference for x310 Series Switches
C613-50046-01 REV A
AlliedWare Plus™ Operating System - Version 5.4.4C
34.35
Mode
IPv4 Hardware ACL Configuration
Default
Any traffic on an interface controlled by a hardware ACL that does not explicitly match a
filter is permitted.
Usage
First create a named hardware access-list that applies the appropriate permit and deny
requirements. Then use the access-group command on page 34.4 to apply this
access-list to a specific port or range. Note that this command will apply the access-list
only to incoming data packets.
An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 10 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the middle of an
existing list by specifying the appropriate sequence number.
Example
To add an access-list filter entry to the access-list named my-hw-list that will permit TCP
packets with a destination address of 192.168.1.1, a destination port of 80, and any
source address and source port, use the commands:
Related Commands
access-list hardware (named)
show running-config
show access-list (IPv4 Hardware ACLs)
Parameter (cont.)   Description (cont.)
ne                  Not equal to.
<destport>          The source TCP or UDP port number, specified as an integer between 0 and 65535.
range               Specify the range of port numbers between 0 and 65535.
<start-range>       The source or destination port number at the start of the range <0-65535>.
<end-range>         The source or destination port number at the end of the range <0-65535>.
Note
The access control list being configured is selected by running the
access-list hardware (named) command on page 34.19 with the required access control
list number, or name, but with no further parameters selected.
Note
Hardware ACLs will permit access unless explicitly denied by an ACL action.
awplus# configure terminal
awplus(config)# access-list hardware my-hw-list
awplus(config-ip-hw-acl)# permit tcp any 192.168.1.1/32 eq 80
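The sequence-number rule under Usage and the default-permit Note interact: with only the permit filter above, my-hw-list blocks nothing. The Python model below is an added example, not AlliedWare Plus code or anything from this manual. It assumes first-match evaluation in ascending sequence order and that "next available multiple of 10" means the first multiple of 10 above the highest number in use; the HwAcl class, its methods and the sample packets are constructed for illustration.

```python
import ipaddress

class HwAcl:
    """Toy model of one named hardware ACL (added example, not vendor code)."""

    def __init__(self, name):
        self.name = name
        self.filters = {}  # sequence number -> (action, proto, dst_net, dst_port)

    def add(self, action, proto, dst, port=None, seq=None):
        if seq is None:
            # Assumption: "next available multiple of 10" is the first
            # multiple of 10 above the highest sequence number in use.
            seq = (max(self.filters, default=0) // 10 + 1) * 10
        if seq in self.filters:
            raise ValueError(f"sequence number {seq} already in use")
        self.filters[seq] = (action, proto, ipaddress.ip_network(dst), port)
        return seq

    def evaluate(self, proto, dst_ip, dst_port):
        # Assumption: filters are tried in ascending sequence order and the
        # first match decides. Source address/port are "any" in this model.
        for seq in sorted(self.filters):
            action, f_proto, net, port = self.filters[seq]
            if f_proto not in ("ip", proto):
                continue
            if ipaddress.ip_address(dst_ip) not in net:
                continue
            if port is not None and port != dst_port:
                continue
            return action, seq
        return "permit", None  # documented default: unmatched traffic is permitted

def demo():
    acl = HwAcl("my-hw-list")
    out = [acl.add("permit", "tcp", "192.168.1.1/32", 80)]    # page example -> 10
    out.append(acl.evaluate("tcp", "192.168.1.1", 22))        # constructed packet
    out.append(acl.add("deny", "ip", "0.0.0.0/0"))            # catch-all -> 20
    out.append(acl.evaluate("tcp", "192.168.1.1", 22))
    out.append(acl.add("permit", "tcp", "192.168.1.1/32", 443, seq=15))  # inserted
    out.append(acl.evaluate("tcp", "192.168.1.1", 443))
    return out

if __name__ == "__main__":
    print(demo())
```

The second result shows TCP port 22 still permitted until the explicit catch-all deny is added, and the filter inserted at sequence 15 takes effect ahead of that deny.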