Figure 10: acl example 4 figure 11: acl example 5 – Allied Telesis AT-S63 User Manual

Page 144

background image

Chapter 12: Access Control Lists

144

Section II: Advanced Operations

In this example, the traffic on ports 14 and 15 is restricted to packets from
the source subnet 149.44.44.0. All other IP traffic is denied. Classifier ID
11, which specifies the traffic flow to be permitted by the ports, is assigned
to an ACL with an action of permit. Classifier ID 17 specifies all IP traffic
and is assigned to an ACL whose action is deny. Since a permit ACL
overrides a deny ACL, the port will accept the traffic from the 149.44.44.0
subnet and discard all other IP traffic.

Figure 10. ACL Example 4

This example limits the traffic on port 22 to HTTPS web traffic intended for
the end node with the IP address 149.55.55.55, and rejects all other IP
traffic. (The Dst IP Mask field in classifier 6 is left empty because a mask is
not required for a source or destination IP address for a specific end node.
If you wanted to include it, it would be 255.255.255.255.)

Figure 11. ACL Example 5

Create Access Control Lists (ACL)

1 - ACL ID ................. 21
2 - Description .......... 149.44.44-permit
3 - Action .................. Permit
4 - Classifier List ...... 11
5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 11
02 - Description: ....... 149.44.44-flow
.
.
12 - Src IP Addr: ....... 149.44.44.0
13 - Src IP Mask: ...... 255.255.255.0

Create Access Control Lists (ACL)

1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP

Create Access Control Lists (ACL)

1 - ACL ID ................. 4
2 - Description .......... Web - permit
3 - Action .................. Permit
4 - Classifier List ...... 6
5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ...... 6
02 - Description: ....... 55.55 HTTPS
.
.
14 - Dst IP Addr: ....... 149.55.55.55
15 - Dst IP Mask: ......
.
17 - TCP Dst Port: ..... 443

Create Access Control Lists (ACL)

1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP