Figure 74: ACL Example 4, Figure 75: ACL Example 5 – Allied Telesis AT-S62 User Manual

AT-S62 Menus Interface User’s Guide

Section II: Advanced Operations

In this example, the traffic on ports 14 and 15 is restricted to packets
from the source subnet 149.44.44.0. All other IP traffic is denied.
Classifier ID 11, which specifies the traffic flow to be permitted by the
ports, is assigned to an ACL with an action of permit. Classifier ID 17
specifies all IP traffic and is assigned to an ACL whose action is deny.
Since a permit ACL overrides a deny ACL, the port will accept the traffic
from the 149.44.44.0 subnet even though that traffic also happens to
meet the criteria of the deny ACL.

Figure 74 ACL Example 4

This example limits the traffic on port 22 to HTTPS web traffic intended
for the end node with the IP address 149.55.55.55. All other IP traffic is
rejected. (The Dst IP Mask field in classifier 6 is left empty because you do
not need to specify a mask for the source or destination IP address of an
end node. If you wanted to include a mask, it would be 255.255.255.255.)

Figure 75 ACL Example 5

Settings shown in Figure 74 (ACL Example 4):

Create Access Control Lists (ACL)

1 - ACL ID ................. 21
2 - Description .......... 149.44.44-permit
3 - Action .................. Permit
4 - Classifier List ...... 11
5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 11
02 - Description: ....... 149.44.44-flow
.
.
12 - Src IP Addr: ....... 149.44.44.0
13 - Src IP Mask: ...... 255.255.255.0

Create Access Control Lists (ACL)

1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP

Settings shown in Figure 75 (ACL Example 5):

Create Access Control Lists (ACL)

1 - ACL ID ................. 4
2 - Description .......... Web - permit
3 - Action .................. Permit
4 - Classifier List ...... 6
5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ...... 6
02 - Description: ....... 55.55 HTTPS
.
.
14 - Dst IP Addr: ....... 149.55.55.55
15 - Dst IP Mask: ......
.
17 - TCP Dst Port: ..... 443

Create Access Control Lists (ACL)

1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP
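
The following sketch is an added example, not part of the manual or of the AT-S62 software. It models the classifiers and ACLs from Figures 74 and 75 and shows that a permit ACL wins over a deny ACL when a packet matches both. The packet field names (ip, src, dst, tcp_dport) are hypothetical, and the handling of packets that match no ACL is an assumption, since this page does not state it.

```python
import ipaddress

# Classifiers from Figures 74 and 75; a field that is absent matches anything.
CLASSIFIERS = {
    11: {"src": "149.44.44.0/255.255.255.0"},        # 149.44.44-flow
    17: {"protocol": "IP"},                          # All IP flow
    6:  {"dst": "149.55.55.55", "tcp_dport": 443},   # 55.55 HTTPS, mask left empty
}
# ACLs from the figures. ACL 5 appears in both figures; its two port lists are
# merged here so one table covers both examples (a choice made for this sketch).
ACLS = [
    {"id": 21, "action": "permit", "classifiers": [11], "ports": [14, 15]},
    {"id": 4,  "action": "permit", "classifiers": [6],  "ports": [22]},
    {"id": 5,  "action": "deny",   "classifiers": [17], "ports": [14, 15, 22]},
]

def in_net(addr, net):
    """True if the field is unset or addr is inside net (no mask = single host)."""
    if net is None:
        return True
    return (addr is not None and
            ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False))

def matches(classifier, pkt):
    """All three classifiers describe IP traffic, so a non-IP frame never matches."""
    if not pkt.get("ip"):
        return False
    return (in_net(pkt.get("src"), classifier.get("src"))
            and in_net(pkt.get("dst"), classifier.get("dst"))
            and classifier.get("tcp_dport") in (None, pkt.get("tcp_dport")))

def decide(port, pkt):
    """Return 'permit' or 'deny' for a packet arriving on a switch port."""
    hits = {acl["action"] for acl in ACLS
            if port in acl["ports"]
            and any(matches(CLASSIFIERS[c], pkt) for c in acl["classifiers"])}
    if "permit" in hits:   # a permit ACL overrides a deny ACL
        return "permit"
    if "deny" in hits:
        return "deny"
    return "permit"        # assumption, not stated on this page: no match = accepted

if __name__ == "__main__":
    samples = [  # constructed sample packets
        (14, {"ip": True, "src": "149.44.44.7", "dst": "10.0.0.9"}),
        (22, {"ip": True, "src": "10.1.1.1", "dst": "149.55.55.55", "tcp_dport": 80}),
    ]
    for port, pkt in samples:
        print(port, pkt, decide(port, pkt))
```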