Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

1587

Mode

Global Configuration mode

Description

Use this command to create access control lists that filter ingress packets
based on TCP port numbers.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1641 and “SHOW INTERFACE
ACCESS-GROUP” on page 1643

Examples

This example creates an ACL, ID number 3045, that discards all untagged
ingress TCP packets on port 5:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3045 deny tcp any

range 0 65535

any range 0 65535
awplus(config)# interface port1.0.5
awplus(config_if)# access-group 3045

This example creates an ACL that discards all untagged ingress packets
that have the source and destination TCP port number 165. The ACL is
applied to port 1 and assigned the ID number 3078:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3078 deny tcp any

eq 165 any

eq

165
awplus(config)# interface port1.0.1
awplus(config_if)# access-group 3078

This example defines an ACL that causes port 18 to discard all untagged
ingress TCP packets that have source and destination TCP port numbers
in the range of 12 to 100 and that are going to the 149.123.159.0 subnet.
The list is assigned the ID number 3126:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3126 deny tcp any range 12 100
149.123.159.0/24

range 12 100

awplus(config)# interface port1.0.18
awplus(config_if)# access-group 3126