
Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

AlliedWare Plus™ Operating System - Version 5.4.4C

C613-50046-01 REV A

Page 35.14

Mode

Global Configuration

Default

Any traffic controlled by a software ACL that does not explicitly match a filter is denied.

Usage

Use this command when configuring an access-list for filtering IP software packets. To enable backwards compatibility you can either create access-lists from within this command, or you can enter access-list followed by only the number. This latter method moves you to the IPv4 Extended ACL Configuration mode for the selected access-list number, and from here you can configure your access-lists by using the commands (access-list extended ICMP filter), (access-list extended IP filter), and (access-list extended IP protocol filter).

The table “IPv4 Software Access List Commands and Prompts” on page 35.3 shows the prompts at which ACL commands are entered. See the relevant links shown for the Related Commands.

Note that packets must match both the source and the destination details.

Parameter (cont.)    Description (cont.)

<destination>

The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination:

    any

        Matches any destination IP address.

    host

        Matches a single destination host, with the IP address given in dotted decimal notation.

    <ip-addr> <reverse-mask>

        An IPv4 address, followed by a reverse mask in dotted decimal format. For example, entering 192.168.1.1 0.0.0.255 is the same as entering 192.168.1.1/24. This matches any destination IP address within the specified subnet.

Note

Software ACLs will deny access unless explicitly permitted by an ACL action.

Examples

You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line, as in previous software releases, as shown below:

awplus# configure terminal

awplus(config)# access-list 101 deny ip 172.16.10.0 0.0.0.255 any
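
An added example, not taken from the manual: a small Python model of how such a list decides, applying the reverse mask, requiring both source and destination to match, and falling back to the default deny. It assumes filters are checked in the order entered, that the source accepts the same formats listed for the destination, and that the host keyword is followed by the address; the permit entry in the second list and the 192.0.2.10 destination are constructed.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens):
    """Consume one address spec; return ((value, care_mask), remaining_tokens)."""
    if tokens[0] == "any":
        return (0, 0), tokens[1:]                    # no bits are compared
    if tokens[0] == "host":                          # assumed form: host <ip-addr>
        return (ip_int(tokens[1]), 0xFFFFFFFF), tokens[2:]
    care = ~ip_int(tokens[1]) & 0xFFFFFFFF           # reverse mask: 1 bits are ignored
    return (ip_int(tokens[0]) & care, care), tokens[2:]

def parse_filter(line):
    """Parse 'access-list <n> permit|deny ip <source> <destination>'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
        raise ValueError("unsupported filter: " + line)
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    if rest:
        raise ValueError("trailing tokens: " + line)
    return t[2], src, dst

def matches(spec, ip):
    value, care = spec
    return (ip_int(ip) & care) == value

def evaluate(lines, src_ip, dst_ip):
    """Return (action, matching line), or ('deny', None) for the default deny."""
    for line in lines:                               # assumption: checked in entry order
        action, src, dst = parse_filter(line)
        if matches(src, src_ip) and matches(dst, dst_ip):   # both must match
            return action, line
    return "deny", None                              # no filter matched

# Constructed sample lists: the first is the page's example on its own,
# the second adds a hypothetical permit entry after it.
DENY_ONLY = ["access-list 101 deny ip 172.16.10.0 0.0.0.255 any"]
WITH_PERMIT = DENY_ONLY + ["access-list 101 permit ip any any"]

if __name__ == "__main__":
    for acl in (DENY_ONLY, WITH_PERMIT):
        for src in ("172.16.10.7", "10.0.0.1"):
            print(src, "->", evaluate(acl, src, "192.0.2.10"))
```

With the deny entry alone, traffic from outside 172.16.10.0/24 is still dropped by the default; it passes only once a permit entry matches it.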