
Assigning MAC ACLs to VTY Lines – Allied Telesis AT-9000 Series User Manual

Page 1218


Chapter 73: Advanced Access Control Lists (ACLs)


Assigning MAC ACLs to VTY Lines

This example creates two MAC ACLs. The first MAC ACL created, with an
ID of 4000, permits IP address 10.0.0.5 full access to the switch. The
second MAC ACL has an ID of 4001 and denies all IP addresses access
to the switch. Both MAC ACLs are assigned to all ten VTY lines with the
ACCESS-CLASS command in the order that the ACLs were created. The
result of this example is that only IP address 10.0.0.5 has remote access
to the switch. See Table 137.

Note

MAC ACLs are specified with an ACL ID number within the 4000 to
4699 range.

Table 136. Assigning Numbered IP ACLs to VTY Lines Example (Continued)

| Command | Description |
|---|---|
| awplus(config)# access-list 3000 permit ip host 10.0.0.3 host 10.0.0.20 | Creates an ACL with an ID number of 3000 that allows IP address 10.0.0.3 full access to the switch. |
| awplus(config)# access-list 3001 deny ip any host 10.0.0.20 | Creates an ACL with an ID number of 3001 that denies all IP addresses access to the switch. |
| awplus(config)# line vty 0 9 | Access the LINE VTY mode for lines 0 through 9. |
| awplus(config-line)# access-class 3000 | Assigns ACL 3000 to VTY lines 0 through 9. |
| awplus(config-line)# access-class 3001 | Assigns ACL 3001 to VTY lines 0 through 9. |
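
The Table 136 commands above depend on ordering: ACL 3000 permits one host, and ACL 3001, assigned second, denies every other source. The Python sketch below is an added example, not code from the Allied Telesis manual, that parses those commands and checks the outcome. It assumes first-match evaluation in assignment order, handles only the `any` and `host` address forms shown on this page, and all function names are hypothetical.

```python
import ipaddress

# Constructed input: the Table 136 commands from this page, prompts removed.
CONFIG = """\
access-list 3000 permit ip host 10.0.0.3 host 10.0.0.20
access-list 3001 deny ip any host 10.0.0.20
line vty 0 9
access-class 3000
access-class 3001
"""

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; None means any."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word != "host":
        raise ValueError(f"unsupported address form: {word}")
    return ipaddress.ip_address(tokens.pop(0))

def parse(config):
    """Return (acls, vty): ACL id -> (action, src, dst), VTY line -> [ACL ids]."""
    acls, vty, current = {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"]:
            rest = t[4:]  # tokens after '<id> <action> ip'
            acls[int(t[1])] = (t[2], _addr(rest), _addr(rest))
        elif t[:2] == ["line", "vty"]:
            current = list(range(int(t[2]), int(t[3]) + 1))
        elif t[:1] == ["access-class"]:
            for n in current:
                vty.setdefault(n, []).append(int(t[1]))
    return acls, vty

def decide(acls, ids, src, dst):
    """Assumption: the first matching ACL in assignment order wins; None = no match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for acl_id in ids:
        action, a_src, a_dst = acls[acl_id]
        if a_src in (None, src) and a_dst in (None, dst):
            return action
    return None

def audit(config):
    """Return the VTY lines whose last assigned ACL is not a deny with source 'any'."""
    acls, vty = parse(config)
    return sorted(n for n, ids in vty.items()
                  if acls[ids[-1]][:2] != ("deny", None))
```

An empty list from `audit` means every VTY line ends in a catch-all deny; swapping the two `access-class` lines makes `decide` return `deny` for 10.0.0.3 as well, which is the ordering mistake to look for when reviewing a switch configuration.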

Table 137. Assigning MAC ACLs to VTY Lines Example

| Command | Description |
|---|---|
| awplus> enable | Enter the Privileged Executive mode from the User Executive mode. |
| awplus# configure terminal | Enter the Global Configuration mode. |
| awplus(config)# interface vlan10 | Enter the Port Interface mode for VLAN 10. |
| awplus(config_if)# ip address 10.0.0.20/24 | Assign VLAN 10 an IP address and subnet mask of 10.0.0.20/24. |
| awplus(config_if)# q | Quit the Port Interface mode. |