Allied Telesis AT-FS970M Series User Manual

Page 1590

Chapter 97: ACL Commands

eq

Matches packets that are equal to the TCP port number specified
by the dest_ipaddress parameter.

dst_udp_port

Specifies the destination UDP port number. The range is 0 to
65535. Omit this parameter if you are entering a range of port
numbers.

time-range

Specifies the name of a time range that is created with the
TIME-RANGE command. You must create a time range before entering it
as a parameter value. See “TIME-RANGE” on page 1624.

vid

Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.

Mode

IP ACL mode

Description

Use this command to create Named IP ACLs that identify traffic flows
based on UDP packets as well as source and destination IP addresses.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1619 and “SHOW INTERFACE
ACCESS-GROUP” on page 1621

Examples

This example creates a Named IP ACL, called “denyudp,” that denies all
UDP packets from source IP address 152.12.45.1/16 to destination IP
address 152.12.45.7/16 on VLAN 15. Then the ACL is assigned to port 5:

awplus> enable
awplus# configure terminal
awplus(config)# ip access-list denyudp
awplus(config-ip-acl)# deny udp 152.12.45.1/16 152.12.45.7/16 vlan 15
awplus(config-ip-acl)# exit
awplus(config)# interface port1.0.5
awplus(config-if)# access-group denyudp
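
The Python sketch below is an added example, not part of the manual or of Allied Telesis software. It models the denyudp entry above to show how much traffic it covers, assuming the /16 mask is a standard prefix length (host bits are ignored) and using a /32 entry as an assumed host-only form for comparison. The names UdpAclEntry, parse_entry and matches are made up for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class UdpAclEntry:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    vid: Optional[int]  # None means the entry filters untagged packets

def parse_entry(line: str) -> UdpAclEntry:
    """Parse '<permit|deny> udp <src>/<mask> <dst>/<mask> [vlan <vid>]' (subset only)."""
    tok = line.split()
    if len(tok) not in (4, 6) or tok[0] not in ("permit", "deny") or tok[1] != "udp":
        raise ValueError(f"unsupported entry: {line!r}")
    # Assumption: /mask is a prefix length, so host bits are dropped from the match.
    src = ipaddress.ip_network(tok[2], strict=False)
    dst = ipaddress.ip_network(tok[3], strict=False)
    vid = None
    if len(tok) == 6:
        if tok[4] != "vlan" or not tok[5].isdigit() or not 1 <= int(tok[5]) <= 4094:
            raise ValueError("expected 'vlan <vid>' with a VID between 1 and 4094")
        vid = int(tok[5])
    return UdpAclEntry(tok[0], src, dst, vid)

def matches(entry: UdpAclEntry, src_ip: str, dst_ip: str, vid: Optional[int] = None) -> bool:
    """True if a UDP packet with these addresses and VLAN tag hits the entry."""
    return (ipaddress.ip_address(src_ip) in entry.src
            and ipaddress.ip_address(dst_ip) in entry.dst
            and vid == entry.vid)

if __name__ == "__main__":
    manual = parse_entry("deny udp 152.12.45.1/16 152.12.45.7/16 vlan 15")
    hosts = parse_entry("deny udp 152.12.45.1/32 152.12.45.7/32 vlan 15")
    # Constructed sample packets: (source, destination, VLAN tag or None)
    packets = [("152.12.45.1", "152.12.45.7", 15),
               ("152.12.200.9", "152.12.3.3", 15),
               ("152.12.45.1", "152.12.45.7", None)]
    for name, entry in (("/16 entry", manual), ("/32 entry", hosts)):
        print(name, entry.src, "->", entry.dst,
              [matches(entry, *p) for p in packets])
```

Under that assumption the /16 entry denies UDP between any two hosts in 152.12.0.0/16 on VLAN 15, not just between the two addresses written in the command, and it does not match the same traffic when it arrives untagged.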