Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

1595

For example, the subnet address 149.11.11.0 would have a
mask of “24” for the twenty-four bits of the network section of the
address. The IP address and the mask are separated by a slash
(/); for example, “149.11.11.0/24.”

host ipaddress: Matches packets with a destination IP address
and is an alternative to the IPADRESS/MASK variable for
addresses of specific end nodes. The HOST keyword indicates
that the address is of a specific end node and that no mask is
required.

time-range

Specifies the name of a time range that is created with the TIME-
RANGE command. You must create a time range before entering it
as a parameter value. See “TIME-RANGE” on page 1646.

vid

Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.

Mode

IP ACL mode

Description

Use this command to create Named IP ACLs that identify traffic flows
based on ICMP packets and source and destination IP addresses.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1641 and “SHOW INTERFACE
ACCESS-GROUP” on page 1643

Examples

This example creates a Named ICMP ACL (icmppermit) that permits ICMP
packets from any IP source address to any IP destination address on
VLAN 12. Then the ACL is assigned to port 21:

awplus> enable
awplus# configure terminal
awplus(config)# ip access-list icmppermit
awplus(config-ip-acl)# permit icmp any any vlan 12
awplus(config-ip-acl)# exit
awplus(config)# interface port1.0.21
awplus(config-if)# access-group icmppermit