Ip access-list (proto) – Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

1603

IP ACCESS-LIST (PROTO)

Syntax

action

deny|permit|copy-to-mirror

proto

protocol_number

scr_ip_address any|host

dest_ipaddress

any|host time-range

[vlan

vid

]

Parameters

action

Specifies the action of the ACL. Here are the possible actions:

permit: Forwards all ingress packets that match the ACL.

deny: Discards all ingress packets that match the ACL.

copy-to-mirror: Copies all ingress packets that match the ACL to
the destination port of the mirror port. This action must be used
in conjunction with the port mirror feature, explained in Chapter
27, “Port Mirror” on page 465.

protocol_number

Specifies a protocol number. You can specify one protocol number.
Refer to Table 191, “Protocol Numbers” on page 1581 for the
protocol number.

src_ipaddress

Specifies the source IP address of the ingress packets the access
list should filter. Choose from the following options:

any: Matches any IP address.

ipaddress/mask: Matches packets that have a source IP
address of a subnet or an end node. The mask is a decimal
number that represents the number of bits in the address, from
left to right, that constitute the network portion of the address.
For example, the subnet address 149.11.11.0 would have a
mask of “24” for the twenty-four bits of the network section of the
address. The IP address and the mask are separated by a slash
(/); for example, “149.11.11.0/24.”

host ipaddress: Matches packets with a source IP address and
is an alternative to the IPADRESS/MASK variable for addresses
of specific end nodes. The HOST keyword indicates that the
address is of a specific end node and that no mask is required.