beautypg.com

Access-list extended ip filter) – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 904

background image

IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

35.18

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

(access-list extended IP filter)

Use this ACL filter to add a new IP filter entry to the current extended access-list. If the
sequence number is specified, the new filter is inserted at the specified location.
Otherwise, the new filter is added at the end of the access-list.

The no variant of this command removes an IP filter entry from the current extended
access-list. You can specify the IP filter entry for removal by entering either its sequence
number (e.g. no 10), or by entering its IP filter profile without specifying its sequence
number.

Note that the sequence number can be found by running the

show access-list (IPv4

Software ACLs)

command.

Syntax

[ip]

[<sequence-number>] {deny|permit} ip <source> <destination>

no {deny|permit} ip <source> <destination>

no <sequence-number>

Parameter

Description

<sequence-
number>

<1-65535>
The sequence number for the filter entry of the selected access
control list.

deny

Access-list rejects packets that match the source and destination
filtering specified with this command.

permit

Access-list permits packets that match the source and destination
filtering specified with this command.

The source address of the packets. You can specify a single host, a
subnet, or all sources. The following are the valid formats for
specifying the source:

any

Matches any source IP address.

host

Matches a single source host with the IP
address given by in dotted
decimal notation.

<ip-addr>
<reverse-mask>

Alternatively, enter an IPv4 address
followed by a reverse mask in dotted
decimal format. For example, enter
192.168.1.1 0.0.0.255

.

<destination>

The destination address of the packets. You can specify a single
host, a subnet, or all destinations. The following are the valid
formats for specifying the destination:

any

Matches any destination IP address.

host

Matches a single destination host with the
IP address given by in dotted
decimal notation.

<ip-addr>
<reverse-mask>

Alternatively, enter an IPv4 address
followed by a reverse mask in dotted
decimal format. For example, enter
192.168.1.1 0.0.0.255

.

See also other documents in the category Allied Telesis Computer hardware: