Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 912

IPv4 Software Access Control List (ACL) Commands
Software Reference for x310 Series Switches
AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A
35.26
Parameter(cont.)    Description(cont.)

<destination>
    The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination:
    <ip-addr>/<prefix>
        An IPv4 address, followed by a forward slash, then the prefix length. This matches any destination IP address within the specified subnet.
    any
        Matches any destination IP address.
<destport>
    The destination port number, specified as an integer between 0 and 65535.
eq
    Matches port numbers equal to the port number specified immediately after this parameter.
lt
    Matches port numbers less than the port number specified immediately after this parameter.
gt
    Matches port numbers greater than the port number specified immediately after this parameter.
ne
    Matches port numbers not equal to the port number specified immediately after this parameter.
log
    Log the results.

Mode
IPv4 Extended ACL Configuration

Default
Any traffic controlled by a software ACL that does not explicitly match a filter is denied.

Usage
An ACL can be configured with multiple ACL filters using sequence numbers. If the sequence number is omitted, the next available multiple of 10 will be used as the sequence number for the new filter. A new ACL filter can be inserted into the middle of an existing list by specifying the appropriate sequence number.

Note
The access control list being configured is selected by running the command, with the required access control list number, or name - but with no further parameters selected.

Note
Software ACLs will deny access unless explicitly permitted by an ACL action.

Example 1 [creating a list]
To add a new entry to the access-list named my-list that will reject TCP packets from 10.0.0.1 on TCP port 10 to 192.168.1.1 on TCP port 20, use the commands:

awplus# configure terminal
awplus(config)# access-list extended my-list
awplus(config-ip-ext-acl)# deny tcp 10.0.0.1/32 eq 10 192.168.1.1/32 eq 20
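
The following Python model is an added example, not code from the manual or from AlliedWare Plus. It shows how the sequence numbering, the port operators and the default deny described on this page interact when a filter is inserted into the middle of a list. The class and function names are hypothetical, and it assumes that filters are checked in ascending sequence order with the first match deciding, and that "next available multiple of 10" means the first multiple of 10 above the highest number in use.

```python
import ipaddress

# Port operators from the parameter table: eq, lt, gt, ne.
PORT_OPS = {"eq": lambda p, n: p == n, "lt": lambda p, n: p < n,
            "gt": lambda p, n: p > n, "ne": lambda p, n: p != n}

def _net(spec):
    # "any" matches every address; otherwise <ip-addr>/<prefix>.
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def _port_ok(cond, port):
    # cond is None (no port test) or a tuple such as ("eq", 20).
    return cond is None or PORT_OPS[cond[0]](port, cond[1])

class SoftwareAcl:
    """Toy model of a named extended ACL; not AlliedWare Plus code."""
    def __init__(self):
        self.filters = {}  # sequence number -> filter tuple

    def add(self, action, proto, src, sport, dst, dport, seq=None):
        if seq is None:
            # Assumption: first multiple of 10 above the highest number in use.
            seq = (max(self.filters, default=0) // 10 + 1) * 10
        if seq in self.filters:
            raise ValueError(f"sequence number {seq} already in use")
        self.filters[seq] = (action, proto, _net(src), sport, _net(dst), dport)
        return seq

    def evaluate(self, proto, src_ip, sport, dst_ip, dport):
        # Assumption: ascending sequence order, first matching filter decides.
        for seq in sorted(self.filters):
            action, f_proto, src, f_sport, dst, f_dport = self.filters[seq]
            if (proto == f_proto
                    and ipaddress.ip_address(src_ip) in src
                    and ipaddress.ip_address(dst_ip) in dst
                    and _port_ok(f_sport, sport) and _port_ok(f_dport, dport)):
                return action, seq
        return "deny", None  # documented default: no explicit match is denied

def demo():
    acl = SoftwareAcl()
    # Example 1 from this page; no sequence number given, so it becomes 10.
    acl.add("deny", "tcp", "10.0.0.1/32", ("eq", 10), "192.168.1.1/32", ("eq", 20))
    # Constructed filters: a broad permit (becomes 20), then a narrower deny
    # inserted at 15 so that it is evaluated before the permit.
    acl.add("permit", "tcp", "10.0.0.0/24", None, "any", ("gt", 1023))
    acl.add("deny", "tcp", "10.0.0.0/24", None, "any", ("eq", 8080), seq=15)
    return acl
```

Calling demo().evaluate("tcp", "10.0.0.5", 40000, "172.16.0.9", 443) returns the default deny with no sequence number, because no filter in the list matches that packet.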