Acl filters tagged ipv4 packets example 2 – Allied Telesis AT-8100 Series User Manual

Chapter 98: Advanced Access Control Lists (ACLs)

Here is an example of an ACL that filters tagged packets. See Table 164.
It blocks all tagged packets with the VID 14 from ports 5 and 6. The ACL is
assigned an ID number of 3122:

Numbered IPv4 ACL with ICMP Packets Example

This is the command format for creating Numbered IPv4 ACLs that filter
ICMP packets based on source and destination IPv4 addresses:

access-list id_number action icmp src_ipaddress dst_ipaddress [vlan vid]

The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.

The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:

permit— Forwards all ingress packets that match the ACL. Ports,
by default, accept all ingress packets. Consequently, a permit ACL

Table 164. ACL Filters Tagged IPv4 Packets Example

Command                                                   Description
--------------------------------------------------------  -----------------------------------------------------------------
awplus> enable                                            Enter the Privileged Executive mode from the User Executive mode.
awplus# configure terminal                                Enter the Global Configuration mode.
awplus(config)# access-list 3122 deny ip any any vlan 14  Create the deny ACL with the ACCESS-LIST IP command.
awplus(config)# interface port1.0.5,port1.0.6             Move to the Port Interface mode for ports 5 and 6.
awplus(config_if)# access-group 3122                      Apply the ACL to the port with the ACCESS-GROUP command.
awplus(config_if)# end                                    Return to the Privileged Exec mode.
awplus# show access-list                                  Confirm the configuration of the ACL.
awplus# show interface port1.0.5,port1.0.6 access-group   Confirm that the ACL has been added to the port.
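
The last two steps of Table 164 confirm by eye that the ACL exists and is attached to the ports. The following Python sketch is an added example, not part of the Allied Telesis manual: it runs the same check over a saved list of configuration commands, reporting ACLs that are defined but never applied, applied but never defined, reused, or numbered outside the 3000 to 3699 range. The sample input is constructed from the table, the function name audit is hypothetical, and only the access-list, interface and access-group forms shown on this page are recognized (commands are given without the awplus prompts).

```python
ID_MIN, ID_MAX = 3000, 3699   # numbered IPv4 ACL ID range stated on this page

# Constructed sample: the configuration commands from Table 164, plus a second
# ACL (3123) that is created but never applied, so the audit has a finding.
SAMPLE = """\
access-list 3122 deny ip any any vlan 14
access-list 3123 deny ip any any vlan 15
interface port1.0.5,port1.0.6
access-group 3122
end
"""

def audit(config_text):
    """Return (acls, bindings, findings) for a list of configuration commands."""
    acls, bindings, findings = {}, {}, []
    ports = []                                # ports chosen by the last 'interface'
    for line in config_text.splitlines():
        words = line.split()
        if len(words) >= 4 and words[0] == "access-list" and words[1].isdigit():
            acl_id = int(words[1])
            has_vlan = len(words) >= 6 and words[-2] == "vlan" and words[-1].isdigit()
            if acl_id in acls:
                findings.append(f"ACL {acl_id}: ID used more than once")
            if not ID_MIN <= acl_id <= ID_MAX:
                findings.append(f"ACL {acl_id}: ID outside {ID_MIN}-{ID_MAX}")
            acls[acl_id] = {"action": words[2], "protocol": words[3],
                            "vlan": int(words[-1]) if has_vlan else None}
        elif len(words) >= 2 and words[0] == "interface":
            ports = "".join(words[1:]).split(",")   # tolerate "a, b" and "a,b"
        elif len(words) == 2 and words[0] == "access-group" and words[1].isdigit():
            for port in ports:
                bindings.setdefault(port, []).append(int(words[1]))
        elif words and words[0] in ("end", "exit"):
            ports = []                        # left the Port Interface mode
    applied = {acl_id for ids in bindings.values() for acl_id in ids}
    for acl_id in sorted(applied - set(acls)):
        findings.append(f"ACL {acl_id}: applied to a port but not defined")
    for acl_id in sorted(set(acls) - applied):
        findings.append(f"ACL {acl_id}: defined but not applied to any port")
    return acls, bindings, findings

if __name__ == "__main__":
    acls, bindings, findings = audit(SAMPLE)
    for port, ids in sorted(bindings.items()):
        for acl_id in ids:
            rule = acls.get(acl_id, {})
            print(port, acl_id, rule.get("action"), "vlan", rule.get("vlan"))
    for finding in findings:
        print("FINDING:", finding)
```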