beautypg.com

Access-list extended tcp udp filter) – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 911

background image

IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

35.25

(access-list extended TCP UDP filter)

Use this ACL filter to add a new TCP or UDP filter entry to the current extended access-list.
If the sequence number is specified, the new filter is inserted at the specified location.
Otherwise, the new filter is added at the end of the access-list.

The no variant of this command removes a TCP or UDP filter entry from the current
extended access-list. You can specify the TCP or UDP filter entry for removal by entering
either its sequence number (e.g. no 10), or by entering its TCP or UDP filter profile
without specifying its sequence number.

Note that the sequence number can be found by running the

show access-list (IPv4

Software ACLs)

command.

Syntax

[tcp|udp]

[<sequence-number>] {deny|permit} {tcp|udp}

<source>

{eq <sourceport>|lt <sourceport>|gt <sourceport>|ne <sourceport>}

<destination>

[eq <destport>|lt <destport>|gt <destport>|ne <destport>]

[log]

no {deny|permit} {tcp|udp}

<source>

{eq <sourceport>|lt <sourceport>|gt <sourceport>|ne <sourceport>}

<destination>

[eq <destport>|lt <destport>|gt <destport>|ne <destport>]

[log]

no <sequence-number>

Parameter

Description

<sequence-
number
>

<1-65535>
The sequence number for the filter entry of the selected access
control list.

deny

Access-list rejects packets that match the source and destination
filtering specified with this command.

permit

Access-list permits packets that match the source and destination
filtering specified with this command.

tcp

The access-list matches only TCP packets.

udp

The access-list matches only UDP packets.

<source>

The source address of the packets. You can specify a single host, a
subnet, or all sources. The following are the valid formats for
specifying the source:

<ip-addr>/
<prefix>

An IPv4 address, followed by a
forward slash, then the prefix length.
This matches any source IP address
within the specified subnet.

any

Matches any source IP address.

<sourceport>

The source port number, specified as an integer between 0 and
65535.