Access-list tcp – Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

ACCESS-LIST TCP

Syntax

access-list id_number action tcp src_ipaddress eq|lt|gt|ne|range src_tcp_port dst_ipaddress eq|lt|gt|ne|range dst_tcp_port [vlan vid]

Parameters

id_number

Specifies an ID number for a new ACL. The range is 3000 to 3699.

action

Specifies the action of the ACL. Choose one of the following:

permit: Forwards all ingress packets that match the ACL.

deny: Discards all ingress packets that match the ACL.

copy-to-mirror: Copies all ingress packets that match the ACL to
the destination port of the mirror port. This action must be used
in conjunction with the port mirror feature, explained in Chapter
27, “Port Mirror” on page 465.

src_ipaddress

Specifies the source IP address of the ingress packets the access
list should filter. Choose one of the following:

any: Matches any IP address.

ipaddress/mask: Matches packets that have a source IP
address of a subnet or an end node. The mask is a decimal
number that represents the number of bits in the address, from
left to right, that constitute the network portion of the address.
For example, the subnet address 149.11.11.0 would have a
mask of “24” for the twenty-four bits of the network section of the
address. The IP address and the mask are separated by a slash
(/); for example, “149.11.11.0/24”.

host ipaddress: Matches packets with a source IP address and is an
alternative to the IPADDRESS/MASK variable for addresses of specific
end nodes. The HOST keyword indicates that the address is of a
specific end node and that no mask is required.

eq

Matches packets whose TCP port number is equal to the port number
specified by the SRC_TCP_PORT or DST_TCP_PORT parameter.
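
The syntax and parameter rules above can be checked before a rule set is pushed to a switch. The following Python linter is an added example, not part of the Allied Telesis manual; its function names are hypothetical, and it assumes that range takes two port numbers and that TCP ports run from 0 to 65535, neither of which this page states.

```python
import ipaddress

ACTIONS = {"permit", "deny", "copy-to-mirror"}
OPERATORS = {"eq", "lt", "gt", "ne", "range"}

def take_address(tokens):  # consumes: any | host ipaddress | ipaddress/mask
    word = tokens.pop(0)
    if word == "any":
        return "any"
    if word == "host":
        return "host " + str(ipaddress.IPv4Address(tokens.pop(0)))
    if "/" not in word:
        raise ValueError(f"{word!r}: expected any, host ipaddress or ipaddress/mask")
    return str(ipaddress.IPv4Interface(word))  # rejects masks outside 0-32

def take_port_match(tokens):  # consumes: operator plus its TCP port number(s)
    op = tokens.pop(0)
    if op not in OPERATORS:
        raise ValueError(f"{op!r}: expected eq, lt, gt, ne or range")
    count = 2 if op == "range" else 1  # assumption: range takes two port numbers
    ports = [int(tokens.pop(0)) for _ in range(count)]
    if any(not 0 <= p <= 65535 for p in ports):
        raise ValueError(f"TCP port out of range: {ports}")
    return op, ports

def parse_acl(line):
    """Parse one ACCESS-LIST TCP command; raise ValueError if it is malformed."""
    tokens = line.split()
    try:
        if tokens.pop(0) != "access-list":
            raise ValueError("not an access-list command")
        acl_id, action, proto = int(tokens.pop(0)), tokens.pop(0), tokens.pop(0)
        if not 3000 <= acl_id <= 3699:
            raise ValueError(f"ID {acl_id} is outside 3000-3699")
        if action not in ACTIONS or proto != "tcp":
            raise ValueError("expected permit|deny|copy-to-mirror, then tcp")
        rule = {"id": acl_id, "action": action, "vid": None,
                "src": take_address(tokens), "src_port": take_port_match(tokens),
                "dst": take_address(tokens), "dst_port": take_port_match(tokens)}
        if tokens:  # optional trailing [vlan vid]
            keyword, vid = tokens  # ValueError unless exactly two tokens remain
            if keyword != "vlan":
                raise ValueError("only [vlan vid] may follow dst_tcp_port")
            rule["vid"] = int(vid)
    except IndexError:
        raise ValueError("command is incomplete") from None
    return rule

# Constructed sample command, not taken from the manual
SAMPLE = parse_acl("access-list 3001 deny tcp 149.11.11.0/24 gt 1023 host 149.11.11.5 eq 23 vlan 7")
```

A bare address without the HOST keyword or a mask is rejected, matching the two address forms the parameter list allows for end nodes.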