Allied Telesis AT-8100 Series User Manual

Page 1592

Chapter 99: ACL Commands

This example defines an ACL that causes port 18 to discard all untagged
ingress packets that have source and destination UDP port numbers in the
range of 12 to 100 and that are going to the 149.123.159.0 subnet. The
VLAN parameter is also included to restrict the ACL to UDP packets that
belong to VLAN 7. The list is assigned the ID number 3078:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3078 deny udp any range 12 100 149.123.159.0/24 range 12 100 vlan 7

awplus(config)# interface port1.0.18
awplus(config_if)# access-group 3078
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.18 access-group

This example configures port 21 to forward tagged UDP packets with port
numbers in the range of 67 to 87 only if they are from the 154.11.234.0
network, are going to the 154.11.235.0 network, and have the VID 20. This
example requires a permit ACL because the permitted traffic, UDP packets
with port numbers in the range of 67 to 87, is a subset of all UDP packets
on the port:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3119 permit udp 154.11.234.0/24 range 67 87 154.11.235.0/24 range 67 87 vlan 20
awplus(config)# access-list 3005 deny udp any any range 67 87
awplus(config)# interface port1.0.21
awplus(config_if)# access-group 3119
awplus(config_if)# access-group 3005
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.21 access-group
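
The following Python sketch is an added illustration, not part of the Allied Telesis manual. It models how ACLs 3119 and 3005 act on UDP packets arriving at port 21, so a rule set can be checked against sample traffic before it is applied. It assumes the ACLs are checked in the order shown, that the first match decides, and that a packet matching no ACL is forwarded; the class and function names are hypothetical.

```python
# Added illustration: simplified model of ACLs 3119 and 3005 on port1.0.21.
# Assumed semantics (not taken from the page): first match wins, no match = forward.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    acl_id: int
    action: str                               # "permit" or "deny"
    src: object = ANY
    sport: Optional[Tuple[int, int]] = None   # None = any source port
    dst: object = ANY
    dport: Optional[Tuple[int, int]] = None   # None = any destination port
    vlan: Optional[int] = None                # None = any VLAN

@dataclass(frozen=True)
class UdpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    vlan: Optional[int]                       # None = untagged

def _in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def matches(rule, pkt):
    return (ip_address(pkt.src) in rule.src and ip_address(pkt.dst) in rule.dst
            and _in_range(pkt.sport, rule.sport) and _in_range(pkt.dport, rule.dport)
            and (rule.vlan is None or rule.vlan == pkt.vlan))

def evaluate(rules, pkt):
    """Return (decision, id of the ACL that decided, or None if nothing matched)."""
    for rule in rules:
        if matches(rule, pkt):
            return ("forward" if rule.action == "permit" else "discard", rule.acl_id)
    return ("forward", None)

# The two ACLs from the example, in the order they are attached to the port.
PORT21 = [
    Rule(3119, "permit", ip_network("154.11.234.0/24"), (67, 87),
         ip_network("154.11.235.0/24"), (67, 87), vlan=20),
    Rule(3005, "deny", dport=(67, 87)),       # "any any range 67 87"
]

def decide(src, sport, dst, dport, vlan):
    """Decision for one constructed UDP packet arriving on port 21."""
    return evaluate(PORT21, UdpPacket(src, sport, dst, dport, vlan))
```

In this model, ACL 3005 as written matches on the destination port range only, so a packet whose destination port is outside 67 to 87 matches neither ACL and is forwarded regardless of its source port.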