Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

1577

dst_ipaddress: Specifies the destination IP address of the
ingress packets the access list should filter. Here are the
possible options:

any: Matches any IP address.

ipaddress/mask: Matches packets that have a destination IP
address of a specific subnet or end node.

host ipaddress: Matches packets with a destination IP address
of a specific end node. The HOST keyword indicates that the
address is of a specific end node and that no mask is required.

vlan

Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.

Mode

Global Configuration mode

Description

Use this command to create ACLs that identify traffic flows based on the
source and destination IP addresses of the packets.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1641 and “SHOW INTERFACE
ACCESS-GROUP” on page 1643

Examples

This example adds a deny ACL, ID number 3201, that discards all
untagged ingress packets from the 149.11.124.0 subnet, on ports 4 and 9:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3201 deny ip 149.11.124.0/24 any
awplus(config)# interface port1.0.4,port1.0.9
awplus(config_if)# access-group 3201
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.4,port1.0.9 access-group