
Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


Syntax [tcp|udp]

access-list extended <list-name> {deny|permit} {tcp|udp} <source> [eq <sourceport>|lt <sourceport>|gt <sourceport>|ne <sourceport>] <destination> [eq <destport>|lt <destport>|gt <destport>|ne <destport>] [log]

no access-list extended <list-name> {deny|permit} {tcp|udp} <source> [eq <sourceport>|lt <sourceport>|gt <sourceport>|ne <sourceport>] <destination> [eq <destport>|lt <destport>|gt <destport>|ne <destport>] [log]

Table 35-3: Parameters in the access-list extended (named) command - tcp|udp

Parameter: Description

<list-name>: A user-defined name for the access-list.

deny: The access-list rejects packets that match the type, source, and destination filtering specified with this command.

permit: The access-list permits packets that match the type, source, and destination filtering specified with this command.

tcp: The access-list matches only TCP packets.

udp: The access-list matches only UDP packets.

<source>: The source address of the packets. You can specify a single host, a subnet, or all sources. The following are the valid formats for specifying the source:

    any: Matches any source IP address.

    host <ip-addr>: Matches a single source host with the IP address given by <ip-addr> in dotted decimal notation.

    <ip-addr>/<prefix>: An IPv4 address, followed by a forward slash, then the prefix length. This matches any source IP address within the specified subnet.

    <ip-addr> <reverse-mask>: Alternatively, you can enter a reverse mask in dotted decimal format. For example, entering 192.168.1.1 0.0.0.255 is the same as entering 192.168.1.1/24.
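When auditing a rule it helps to see exactly which source addresses each of the four formats in the table covers. The following Python sketch is an added example, not code from the manual or from AlliedWare Plus; the function names are hypothetical, and it assumes a reverse mask is applied bit by bit (a 1 bit means "ignore this bit").

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 32-bit mask: compare every bit

def _ip(text):
    """Dotted decimal string -> 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(text))

def parse_source(spec):
    """Return (value, care_mask) for one <source> string from Table 35-3.

    care_mask has a 1 for every bit that must equal the same bit in value.
    """
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0                           # no bits compared: all sources match
    if len(parts) == 2 and parts[0] == "host":
        return _ip(parts[1]), ALL_ONES        # every bit compared: one host
    if len(parts) == 1 and "/" in parts[0]:
        addr, prefix = parts[0].split("/")
        plen = int(prefix)
        if not 0 <= plen <= 32:
            raise ValueError(f"bad prefix length in {spec!r}")
        care = (ALL_ONES << (32 - plen)) & ALL_ONES
        return _ip(addr) & care, care         # host bits of addr are discarded
    if len(parts) == 2:
        care = ~_ip(parts[1]) & ALL_ONES      # reverse mask: invert to get care bits
        return _ip(parts[0]) & care, care
    raise ValueError(f"unrecognised source: {spec!r}")

def source_matches(spec, packet_src):
    """True if a packet with source address packet_src matches spec."""
    value, care = parse_source(spec)
    return (_ip(packet_src) & care) == value

def same_coverage(spec_a, spec_b):
    """True if two source strings match exactly the same set of addresses."""
    return parse_source(spec_a) == parse_source(spec_b)

if __name__ == "__main__":
    # Constructed sample inputs, using the manual's own example address.
    print(same_coverage("192.168.1.1 0.0.0.255", "192.168.1.1/24"))
    for src in ("192.168.1.200", "192.168.2.1"):
        print(src, source_matches("192.168.1.1/24", src))
```

Note that `192.168.1.1/24` covers the whole 192.168.1.0 to 192.168.1.255 range, not only 192.168.1.1; use the `host` form when a rule is meant to match a single address.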