
Access-list (extended numbered) – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


access-list (extended numbered)

This command configures an extended numbered access-list that permits or denies
packets from specific source and destination IP addresses. You can either create an
extended numbered ACL together with an ACL filter entry in the Global Configuration
mode, or you can enter a list number first and then use the IPv4 Extended ACL
Configuration mode to add sequenced ACL filter entries.

The no variant of this command removes a specified extended numbered access-list.

Syntax [list-number]

access-list {<100-199>|<2000-2699>}

no access-list {<100-199>|<2000-2699>}

Syntax [deny|permit]

access-list {<100-199>|<2000-2699>} {deny|permit} ip <source> <destination>

no access-list {<100-199>|<2000-2699>} {deny|permit} ip <source> <destination>

Parameter       Description
<100-199>       IP extended access-list.
<2000-2699>     IP extended access-list (expanded range).

Parameter       Description
<100-199>       IP extended access-list.
<2000-2699>     IP extended access-list (expanded range).
deny            Access-list rejects packets that match the source and destination filtering specified with this command.
permit          Access-list permits packets that match the source and destination filtering specified with this command.
<source>        The source address of the packets. You can specify a single host, a subnet, or all sources. The following are the valid formats for specifying the source:

                any                        Matches any source IP address.
                host <ip-addr>             Matches a single source host with the IP address given by <ip-addr> in dotted decimal notation.
                <ip-addr> <reverse-mask>   An IPv4 address, followed by a reverse mask in dotted decimal format. For example, entering 192.168.1.1 0.0.0.255 is the same as entering 192.168.1.1/24. This matches any source IP address within the specified subnet.
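The address matching described above can be checked offline before an entry is applied to a switch. The following Python sketch is an added example, not part of the Allied Telesis manual: it parses one entry in the `access-list <n> {deny|permit} ip <source> <destination>` form and tests a packet's addresses against it. All function names are hypothetical, it assumes <destination> accepts the same formats as <source>, and it models only a single entry, not how the switch processes a whole list.

```python
import ipaddress

ALL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_spec(tokens):
    """Consume one address spec; return (base, reverse_mask) as integers."""
    head = tokens.pop(0)
    if head == "any":
        return 0, ALL                       # every bit is "don't care"
    if head == "host":
        return to_int(tokens.pop(0)), 0     # every bit must match
    return to_int(head), to_int(tokens.pop(0))

def parse_entry(line):
    """Parse 'access-list <n> {deny|permit} ip <source> <destination>'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("deny", "permit") or t[3] != "ip":
        raise ValueError("not an extended numbered ACL entry")
    number = int(t[1])
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("list number outside 100-199 / 2000-2699")
    rest = t[4:]
    try:
        src, dst = parse_spec(rest), parse_spec(rest)
    except IndexError:
        raise ValueError("incomplete address spec") from None
    if rest:
        raise ValueError("unexpected trailing tokens")
    return number, t[2], src, dst

def spec_matches(spec, addr):
    base, rmask = spec
    care = ~rmask & ALL                     # 0 bits in the reverse mask are compared
    return (to_int(addr) & care) == (base & care)

def entry_action(line, src_ip, dst_ip):
    """Return 'permit' or 'deny' if the packet matches the entry, else None."""
    _, action, src, dst = parse_entry(line)
    return action if spec_matches(src, src_ip) and spec_matches(dst, dst_ip) else None

def reverse_mask_to_cidr(addr, rmask):
    """CIDR form of <ip-addr> <reverse-mask>; only contiguous masks have one."""
    m = to_int(rmask)
    if m & (m + 1):                         # contiguous masks are 2**k - 1
        raise ValueError("non-contiguous reverse mask")
    return str(ipaddress.ip_network(f"{addr}/{32 - m.bit_length()}", strict=False))
```

Because the reverse mask ignores the host bits, an entry written with 192.168.1.1 0.0.0.255 covers the whole 192.168.1.0/24 subnet, not only the host 192.168.1.1; use the `host` form when a single address is intended.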