Figure 74: ACL Example 4, Figure 75: ACL Example 5 – Allied Telesis AT-S62 User Manual

Page 257

AT-S62 Management Software Menus Interface User’s Guide

Section II: Advanced Operations

In this example, the traffic on ports 14 and 15 is restricted to packets from
the source subnet 149.44.44.0. All other IP traffic is denied. Classifier ID
11 defines the authorized traffic flow for the ports and is assigned to an
ACL with a permit action. Classifier ID 17 defines all IP traffic and is
assigned to an ACL with a deny action. Since a permit ACL overrides a
deny ACL, the ports accept the traffic from the 149.44.44.0 subnet even
though that traffic meets the criteria of the deny ACL.

Figure 74. ACL Example 4

Create Access Control Lists (ACL)

1 - ACL ID ................. 21
2 - Description .......... 149.44.44-permit
3 - Action .................. Permit
4 - Classifier List ...... 11
5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 11
02 - Description: ....... 149.44.44-flow
.
.
12 - Src IP Addr: ....... 149.44.44.0
13 - Src IP Mask: ...... 255.255.255.0

Create Access Control Lists (ACL)

1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP

This example limits the traffic on port 22 to HTTPS web traffic directed to
an end node with the IP address 149.55.55.55. All other IP traffic is
rejected. (The Dst IP Mask field in classifier 6 is left empty because a
mask is unnecessary when specifying a source or destination IP address
of an end node. If you included the mask, it would be 255.255.255.255.)

Figure 75. ACL Example 5

Create Access Control Lists (ACL)

1 - ACL ID ................. 4
2 - Description .......... Web - permit
3 - Action .................. Permit
4 - Classifier List ...... 6
5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ...... 6
02 - Description: ....... 55.55 HTTPS
.
.
14 - Dst IP Addr: ....... 149.55.55.55
15 - Dst IP Mask: ......
.
17 - TCP Dst Port: ..... 443

Create Access Control Lists (ACL)

1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP
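
The following Python model of ACL Examples 4 and 5 is an added illustration, not part of the Allied Telesis manual or the AT-S62 software; it applies the stated rule that a permit ACL overrides a deny ACL to the classifier and ACL values shown in Figures 74 and 75. The packet dictionary keys and the "no-match" result are assumptions of this sketch: the page does not say how the switch treats traffic that matches no ACL on a port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Classifier:
    protocol: Optional[str] = None      # menu field 08
    src: Optional[str] = None           # fields 12/13 as "addr/mask"
    dst: Optional[str] = None           # fields 14/15; no mask means a single host
    tcp_dst_port: Optional[int] = None  # field 17

    def matches(self, pkt: dict) -> bool:
        def inside(addr, net):
            return addr is not None and ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        if self.protocol and pkt.get("proto") != self.protocol:
            return False
        if self.src and not inside(pkt.get("src"), self.src):
            return False
        if self.dst and not inside(pkt.get("dst"), self.dst):
            return False
        return self.tcp_dst_port is None or pkt.get("tcp_dport") == self.tcp_dst_port

@dataclass
class ACL:
    action: str        # "permit" or "deny"
    classifiers: list  # classifier IDs
    ports: set         # switch ports the ACL is bound to

# Classifier and ACL values copied from Figures 74 and 75.
CLASSIFIERS = {
    11: Classifier(src="149.44.44.0/255.255.255.0"),
    17: Classifier(protocol="IP"),
    6: Classifier(dst="149.55.55.55", tcp_dst_port=443),
}
EXAMPLE_4 = {21: ACL("permit", [11], {14, 15}), 5: ACL("deny", [17], {14, 15})}
EXAMPLE_5 = {4: ACL("permit", [6], {22}), 5: ACL("deny", [17], {22})}

def decide(port: int, pkt: dict, acls: dict) -> str:
    """Return "permit", "deny" or "no-match"; a permit hit overrides a deny hit."""
    hits = {a.action for a in acls.values() if port in a.ports
            and any(CLASSIFIERS[c].matches(pkt) for c in a.classifiers)}
    return "permit" if "permit" in hits else "deny" if "deny" in hits else "no-match"

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    inside = {"proto": "IP", "src": "149.44.44.20", "dst": "10.0.0.5"}
    http = {"proto": "IP", "src": "10.0.0.9", "dst": "149.55.55.55", "tcp_dport": 80}
    print(decide(14, inside, EXAMPLE_4), decide(22, http, EXAMPLE_5))
```

In this model a non-IP frame on ports 14, 15 or 22 comes back as "no-match", because classifier 17 covers only the IP protocol.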