Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C

Mode

IPv4 Extended ACL Configuration

Default

Any traffic controlled by a software ACL that does not explicitly match a filter is denied.

Usage

An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 10 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the middle of an
existing list by specifying the appropriate sequence number.

Parameter(cont.)    Description(cont.)

<source>            The source address of the packets. You can specify a single host, a
                    subnet, or all sources. The following are the valid formats for
                    specifying the source:

                    <ip-addr>/<prefix>    An IPv4 address, followed by a forward
                                          slash, then the prefix length. This matches
                                          any source IP address within the specified
                                          subnet.

                    any                   Matches any source IP address.

<destination>       The destination address of the packets. You can specify a single
                    host, a subnet, or all destinations. The following are the valid
                    formats for specifying the destination:

                    <ip-addr>/<prefix>    An IPv4 address, followed by a forward
                                          slash, then the prefix length. This matches
                                          any destination IP address within the
                                          specified subnet.

                    any                   Matches any destination IP address.

log                 Log the results.

Note

The access control list being configured is selected by running the access-list
(extended numbered) command or the access-list extended (named) command, with the
required access control list number, or name - but with no further parameters selected.

Note

Software ACLs will deny access unless explicitly permitted by an ACL action.

Example 1

[creating a list]

Use the following commands to add a new access-list filter entry to the access-list named
my-list that will reject IP packets from source address 10.10.1.1/32 to destination
address 192.68.1.1/32:

awplus# configure terminal
awplus(config)# access-list extended my-list
awplus(config-ip-ext-acl)# deny ip 10.10.1.1/32 192.168.1.1/32
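
Added example, not part of the Allied Telesis manual and not switch code: a small Python model of the Default and Usage behaviour described on this page, showing why the position of a filter matters when auditing a list such as my-list. The class and function names are hypothetical, and two points are assumptions: that "next available multiple of 10" means the first multiple of 10 above the highest sequence number in use, and that filters are checked in ascending sequence order with the first match deciding.

```python
import ipaddress


class SoftwareAcl:
    """Toy model of one extended ACL (hypothetical; not AlliedWare Plus code)."""

    def __init__(self):
        self.filters = {}  # sequence number -> (action, source, destination)

    def add(self, action, source, destination, seq=None):
        if seq is None:
            # Assumption: the "next available multiple of 10" is the first
            # multiple of 10 above the highest sequence number already in use.
            seq = (max(self.filters, default=0) // 10 + 1) * 10
        if seq in self.filters:
            raise ValueError(f"sequence number {seq} already in use")
        self.filters[seq] = (action, source, destination)
        return seq

    @staticmethod
    def _matches(spec, address):
        # "any" matches every address; otherwise spec is <ip-addr>/<prefix>.
        if spec == "any":
            return True
        return ipaddress.ip_address(address) in ipaddress.ip_network(spec, strict=False)

    def evaluate(self, src, dst):
        # Assumption: filters are checked in ascending sequence order and the
        # first matching filter decides the result.
        for seq in sorted(self.filters):
            action, source, destination = self.filters[seq]
            if self._matches(source, src) and self._matches(destination, dst):
                return action, seq
        return "deny", None  # documented default: no explicit match means deny


def demo():
    """Build my-list step by step and record each decision (constructed data)."""
    acl, out = SoftwareAcl(), {}
    out["seq_deny"] = acl.add("deny", "10.10.1.1/32", "192.168.1.1/32")  # Example 1
    out["no_permit_yet"] = acl.evaluate("10.10.2.7", "192.168.1.1")  # implicit deny
    out["seq_permit"] = acl.add("permit", "any", "any")  # sequence number omitted
    out["blocked_host"] = acl.evaluate("10.10.1.1", "192.168.1.1")
    out["other_host"] = acl.evaluate("10.10.2.7", "192.168.1.1")
    # A broader permit inserted ahead of the deny shadows it for the same host.
    acl.add("permit", "10.10.1.0/24", "any", seq=5)
    out["shadowed"] = acl.evaluate("10.10.1.1", "192.168.1.1")
    return out
```

In the model, a list holding only the deny entry blocks all traffic because of the implicit deny, and the filter inserted at sequence number 5 makes the Example 1 deny unreachable for 10.10.1.1, which is the kind of ordering mistake to look for when reviewing inserted entries.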