Allied Telesis AT-8100 Series User Manual

Chapter 99: ACL Commands

1604

dest_ipaddressMask

Specifies the destination IP address of the ingress packets the
access list should filter. Choose from the following options:

any: Matches any IP address.

ipaddress/mask: Matches packets that have a source IP
address of a subnet or an end node. The mask is a decimal
number that represents the number of bits in the address, from
left to right, that constitute the network portion of the address.
For example, the subnet address 149.11.11.0 would have a
mask of “24” for the twenty-four bits of the network section of the
address. The IP address and the mask are separated by a slash
(/); for example, “149.11.11.0/24.”

host ipaddress: Matches packets with a destination IP address
and is an alternative to the IPADRESS/MASK variable for
addresses of specific end nodes. The HOST keyword indicates
that the address is of a specific end node and that no mask is
required.

time-range

Specifies the name of a time range that is created with the TIME-
RANGE command. You must create a time range before entering it
as a parameter value. See “TIME-RANGE” on page 1646.

vlan

Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.

Mode

IP ACL mode

Description

Use this command to create Named IP ACLs that identify traffic flows
based on protocol numbers as well as source and destination IP
addresses. For a list of the protocols supported, see Table 191, “Protocol
Numbers” on page 1581.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1641 and “SHOW INTERFACE
ACCESS-GROUP” on page 1643