
Numbered ipv4 acl with tcp port packets example 7 – Allied Telesis AT-8100 Series User Manual


AT-8100 Switch Command Line User’s Guide

1537

The following example configures two Numbered IPv4 ACLs. ACL 3017 permits packets from TCP port 67 to 87 on IPv4 addresses 154.11.234.0/24 to 154.11.235.0/24. ACL 3005 denies packets from TCP ports 67 through 87 to any IPv4 address. This example requires a permit ACL because the permitted traffic is a subset of all TCP packets on the port. The commands are listed in Table 167.

Numbered IPv4 ACL with UDP Port Packets Example

    access-list id_number action udp src_ipaddress eq|lt|gt|ne|range src_udp_port dst_ipaddress eq|lt|gt|ne|range dst_udp_port vlan vid

The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.

The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:

permit — Forwards all ingress packets that match the ACL. Ports, by default, accept all ingress packets. Consequently, a permit ACL is only necessary when you want a port to forward a subset of packets that are otherwise discarded.

deny — Discards all ingress packets that match the ACL.

copy-to-mirror — Copies all ingress packets that match the ACL to the destination port of the mirror port. This action must be used

Table 167. Numbered IPv4 ACL with TCP Port Packets Example

Command                                               Description
----------------------------------------------------  ------------------------------------------------
awplus> enable                                        Enter the Privileged Executive mode from the
                                                      User Executive mode.

awplus# configure terminal                            Enter the Global Configuration mode.

awplus(config)# access-list 3017 permit tcp           Define ACL 3017 to permit packets from TCP
    154.11.234.0/24 range 67 87 154.11.235.0/24       port 67 to 87 on IPv4 addresses 154.11.234.0/24
    range 67 87                                       to 154.11.235.0/24.

awplus(config)# access-list 3005 deny tcp any any     Define ACL 3005 to deny packets from TCP ports
    range 67 87                                       67 through 87 to any IPv4 address.

awplus(config)# interface port1.0.21                  Move to the Port Interface mode for port 21.

awplus(config_if)# access-group 3017                  Apply ACL 3017 to the port with the
                                                      ACCESS-GROUP command.

awplus(config_if)# access-group 3005                  Apply ACL 3005 to the port with the
                                                      ACCESS-GROUP command.
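As an added example, not code from this manual or from Allied Telesis, the following Python script models the access-list syntax described on this page (ID range, action, tcp/udp, the eq|lt|gt|ne|range port operators and the optional vlan clause) and applies the two ACLs from Table 167 to constructed sample packets. The access-list commands are taken verbatim from Table 167; the Packet type, the sample packets, the first-match evaluation order and the forward-when-unmatched default are assumptions of the model (the page states that ports accept all ingress packets by default, but not the order in which several applied ACLs are evaluated).

```python
# Added example (not code from the Allied Telesis manual): parse the numbered
# IPv4 ACL syntax on this page and apply the resulting rules to sample packets.
# Assumed, not stated on the page: ACLs are evaluated first-match in the order
# applied with access-group, and an unmatched packet is forwarded (ports
# accept all ingress packets by default).
import ipaddress
from collections import namedtuple
from typing import List, Optional, Tuple

ANY_NET = ipaddress.ip_network("0.0.0.0/0")

# eq|lt|gt|ne|range operators from the syntax line; hi is only used by range
PORT_OPS = {
    "eq": lambda p, lo, hi: p == lo,
    "ne": lambda p, lo, hi: p != lo,
    "lt": lambda p, lo, hi: p < lo,
    "gt": lambda p, lo, hi: p > lo,
    "range": lambda p, lo, hi: lo <= p <= hi,
}

# A port clause is (op, lo, hi); None means "any port". vlan None means any VLAN.
Acl = namedtuple("Acl", "acl_id action proto src src_port dst dst_port vlan")
# Constructed packet type carrying only the fields an ACL inspects.
Packet = namedtuple("Packet", "proto src sport dst dport vlan", defaults=(None,))


def _parse_port(t: List[str], i: int) -> Tuple[Optional[tuple], int]:
    """Parse an optional eq|lt|gt|ne|range clause at t[i]; return (clause, next i)."""
    if i < len(t) and t[i] in ("eq", "lt", "gt", "ne"):
        return (t[i], int(t[i + 1]), 0), i + 2
    if i < len(t) and t[i] == "range":
        return ("range", int(t[i + 1]), int(t[i + 2])), i + 3
    return None, i


def _parse_net(token: str) -> ipaddress.IPv4Network:
    return ANY_NET if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_acl(line: str) -> Acl:
    """Parse 'access-list id action tcp|udp src [op port] dst [op port] [vlan vid]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        raise ValueError(f"not an access-list command: {line!r}")
    acl_id, action, proto = int(t[1]), t[2], t[3]
    if not 3000 <= acl_id <= 3699:
        raise ValueError("numbered IPv4 ACL IDs are 3000 to 3699")
    if action not in ("permit", "deny", "copy-to-mirror"):
        raise ValueError(f"unknown action {action!r}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"only tcp and udp are modelled here, got {proto!r}")
    src = _parse_net(t[4])
    src_port, i = _parse_port(t, 5)
    dst = _parse_net(t[i])
    dst_port, i = _parse_port(t, i + 1)
    vlan = None
    if i < len(t) and t[i] == "vlan":
        vlan, i = int(t[i + 1]), i + 2
    if i != len(t):
        raise ValueError(f"unexpected trailing tokens: {t[i:]}")
    return Acl(acl_id, action, proto, src, src_port, dst, dst_port, vlan)


def _port_ok(clause: Optional[tuple], port: int) -> bool:
    return clause is None or PORT_OPS[clause[0]](port, clause[1], clause[2])


def acl_matches(acl: Acl, pkt: Packet) -> bool:
    """True when every filtering criterion of the ACL matches the packet."""
    return (pkt.proto == acl.proto
            and (acl.vlan is None or pkt.vlan == acl.vlan)
            and ipaddress.ip_address(pkt.src) in acl.src
            and ipaddress.ip_address(pkt.dst) in acl.dst
            and _port_ok(acl.src_port, pkt.sport)
            and _port_ok(acl.dst_port, pkt.dport))


def evaluate(applied: List[Acl], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First match wins over the ACLs applied to a port; no match means forward."""
    for acl in applied:
        if acl_matches(acl, pkt):
            return acl.action, acl.acl_id
    return "permit", None


# The two access-list commands from Table 167, in access-group order.
ACL_3017 = parse_acl("access-list 3017 permit tcp 154.11.234.0/24 range 67 87 "
                     "154.11.235.0/24 range 67 87")
ACL_3005 = parse_acl("access-list 3005 deny tcp any any range 67 87")
PORT_1_0_21 = [ACL_3017, ACL_3005]

# Constructed sample packets: one inside the permitted subnets, one outside.
INSIDE = Packet("tcp", "154.11.234.5", 70, "154.11.235.9", 80)
OUTSIDE = Packet("tcp", "10.0.0.1", 5000, "10.0.0.2", 80)

if __name__ == "__main__":
    print("both ACLs, inside :", evaluate(PORT_1_0_21, INSIDE))   # ('permit', 3017)
    print("both ACLs, outside:", evaluate(PORT_1_0_21, OUTSIDE))  # ('deny', 3005)
    print("3005 alone, inside:", evaluate([ACL_3005], INSIDE))    # ('deny', 3005)
```

Running the script shows the point the text makes: with only ACL 3005 applied, a packet between 154.11.234.0/24 and 154.11.235.0/24 on the filtered ports is discarded, and ACL 3017 is what forwards that subset. The same parser accepts the UDP form of the syntax with a vlan clause. Confirm the evaluation order of multiple applied ACLs on the switch itself before relying on this model for anything but reading the configuration.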