Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 898
IPv4 Software Access Control List (ACL) Commands
Software Reference for x310 Series Switches
35.12
AlliedWare Plus
TM
Operating System - Version 5.4.4C
C613-50046-01 REV A
Usage
Use this command when configuring access-list for filtering IP software packets. To enable
backwards compatibility you can either create access-lists from within this command, or
you can enter access-list followed by only the number. This latter method moves you to
the IPv4 Extended ACL Configuration mode for the selected access-list number, and from
here you can configure your access-lists by using the commands
(access-list extended IP filter)
, and
(access-list extended IP protocol
.
“IPv4 Software Access List Commands and Prompts” on page 35.3
shows
the prompts at which ACL commands are entered. See the relevant links shown for the
Related Commands.
Note that packets must match both the source and the destination details.
Examples
You can enter the extended named ACL in the Global Configuration mode together with
the ACL filter entry on the same line, as shown below:
Alternatively, you can enter the extended named ACL in Global Configuration mode
before specifying the ACL filter entry in the IPv4 Extended ACL Configuration mode, as
shown below:
Related Commands
(access-list extended ICMP filter)
(access-list extended IP filter)
(access-list extended TCP UDP filter)
show running-config
show ip access-list
Note
Software ACLs will deny access unless explicitly permitted by an ACL action.
awplus#
configure terminal
awplus(config)#
access-list extended TK deny tcp 2.2.2.3/24 eq
14 3.3.3.4/24 eq 12 log
awplus#
configure terminal
awplus(config)#
access-list extended TK
awplus(config-ip-ext-acl)#
deny tcp 2.2.2.3/24 eq 14 3.3.3.4/24
eq 12 log