beautypg.com

Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 898

background image

IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

35.12

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Usage

Use this command when configuring access-list for filtering IP software packets. To enable
backwards compatibility you can either create access-lists from within this command, or
you can enter access-list followed by only the number. This latter method moves you to
the IPv4 Extended ACL Configuration mode for the selected access-list number, and from
here you can configure your access-lists by using the commands

(access-list extended

ICMP filter)

,

(access-list extended IP filter)

, and

(access-list extended IP protocol

filter)

.

The table

“IPv4 Software Access List Commands and Prompts” on page 35.3

shows

the prompts at which ACL commands are entered. See the relevant links shown for the
Related Commands.

Note that packets must match both the source and the destination details.

Examples

You can enter the extended named ACL in the Global Configuration mode together with
the ACL filter entry on the same line, as shown below:

Alternatively, you can enter the extended named ACL in Global Configuration mode
before specifying the ACL filter entry in the IPv4 Extended ACL Configuration mode, as
shown below:

Related Commands

(access-list extended ICMP filter)
(access-list extended IP filter)
(access-list extended TCP UDP filter)
show running-config
show ip access-list

Note

Software ACLs will deny access unless explicitly permitted by an ACL action.

awplus#

configure terminal

awplus(config)#

access-list extended TK deny tcp 2.2.2.3/24 eq
14 3.3.3.4/24 eq 12 log

awplus#

configure terminal

awplus(config)#

access-list extended TK

awplus(config-ip-ext-acl)#

deny tcp 2.2.2.3/24 eq 14 3.3.3.4/24
eq 12 log