Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 905
IPv4 Software Access Control List (ACL) Commands
Software Reference for x310 Series Switches
C613-50046-01 REV A
AlliedWare Plus
TM
Operating System - Version 5.4.4C
35.19
Mode
Extended ACL Configuration
Default
Any traffic controlled by a software ACL that does not explicitly match a filter is denied.
Usage
An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 10 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the middle of an
existing list by specifying the appropriate sequence number.
Example 1
[list-number]
First use the following commands to enter the IPv4 Extended ACL Configuration mode
and define a numbered extended access-list 101:
Then use the following commands to add a new entry to the numbered extended access-
list 101 that will reject packets from 10.0.0.1 to 192.168.1.1:
Example 2
[list-name]
First use the following commands to enter the IPv4 Extended ACL Configuration mode
and define a named access-list called my-acl:
Then use the following commands to add a new entry to the named access-list my-acl
that will reject packets from 10.0.0.1 to 192.168.1.1:
Note
The access control list being configured is selected by running the
command, with the required access control list number, or name - but with no
further parameters selected.
Note
Software ACLs will deny access unless explicitly permitted by an ACL action.
awplus#
configure terminal
awplus(config)#
access-list 101
awplus(config-ip-ext-acl)#
awplus(config-ip-ext-acl)#
deny ip host 10.0.0.1 host
192.168.1.1
awplus(config-ip-ext-acl)#
20 permit ip any any
awplus#
configure terminal
awplus(config)#
access-list extended my-acl
awplus(config-ip-ext-acl)#
awplus(config-ip-ext-acl)#
deny ip host 10.0.0.1 host
192.168.1.1
awplus(config-ip-ext-acl)#
20 permit ip any any