Allied Telesis AT-FS970M Series User Manual


AT-FS970M Switch Command Line User’s Guide

1513

The VLAN parameter determines if an ACL filters VLANs. You use the
parameter to specify the VID. You can specify one VID per command. If
you omit this parameter, the ACL applies to all traffic. In other words, no
filtering is done by the ACL based on the VLAN.

This example creates a deny access list to ports 5 and 6 so that they
discard all tagged ingress packets that contain protocol 17, a VID of 12,
and originate from the 152.12.45.0 subnet. The access list is assigned the
ID number 3011:

Table 164. Numbered IPv4 ACL with Protocol Example

Command: awplus> enable
Description: Enter the Privileged Executive mode from the User Executive
mode.

Command: awplus# configure terminal
Description: Enter the Global Configuration mode.

Command: awplus(config)# access-list 3011 deny proto 17 152.12.45.0/24 any vlan 12
Description: Create a Numbered IPv4 ACL with an ID of 3011 that denies
protocol 17 packets tagged with VLAN ID 12 from the 152.12.45.0/24 source
subnet.

Numbered IPv4 ACL with TCP Port Packets Example

This is the command format for creating Numbered IPv4 ACLs that filter
packets from TCP ports based on source and destination IPv4 addresses:

access-list id_number action tcp src_ipaddress eq|lt|gt|ne|range src_tcp_port dst_ipaddress eq|lt|gt|ne|range dst_tcp_port [vlan vid]

The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.

The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:

permit — Forwards all ingress packets that match the ACL. Ports,
by default, accept all ingress packets. Consequently, a permit ACL
is only necessary when you want a port to forward a subset of
packets that are otherwise discarded.

deny — Discards all ingress packets that match the ACL.

copy-to-mirror — Copies all ingress packets that match the ACL to
the destination port of the mirror port. This action must be used
together with the port mirror feature, explained in Chapter 25, “Port
Mirror” on page 443.
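To make the filtering semantics above concrete, here is an added Python model that is not part of the manual and not Allied Telesis code. It parses both command forms shown on this page (the proto-based form used by access-list 3011 and the tcp form with the eq|lt|gt|ne|range port operators), checks the 3000 to 3699 ID range, and evaluates constructed packets against the rules so a ruleset can be reviewed offline before it is applied to a switch. It assumes first-match ordering among several ACLs (the page does not state the evaluation order) and that an omitted vlan parameter means the VLAN is ignored, as the text describes; the default with no match is to forward, because ports accept all ingress packets by default.

```python
"""Offline model of the numbered IPv4 ACL syntax on this manual page.

Added illustration, not AT-FS970M firmware code. Assumptions: first
matching ACL wins; no match means the port forwards the packet.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACTIONS = {"permit", "deny", "copy-to-mirror"}
PORT_OPS = {"eq", "lt", "gt", "ne", "range"}


@dataclass
class Acl:
    id_number: int
    action: str                       # permit | deny | copy-to-mirror
    proto: int                        # IP protocol number (tcp = 6)
    src: str                          # "any" or CIDR prefix
    dst: str
    vid: Optional[int] = None         # None: ACL does not filter on VLAN
    src_port: Optional[Tuple] = None  # ("eq", 22) or ("range", 1024, 65535)
    dst_port: Optional[Tuple] = None


@dataclass
class Packet:
    """Constructed ingress packet; vid None means an untagged frame."""
    proto: int
    src: str
    dst: str
    vid: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _parse_port(tokens: List[str], i: int) -> Tuple[Tuple, int]:
    """Read one port operator at tokens[i]; return (spec, next index)."""
    op = tokens[i]
    if op not in PORT_OPS:
        raise ValueError(f"bad port operator {op!r}")
    if op == "range":
        return ("range", int(tokens[i + 1]), int(tokens[i + 2])), i + 3
    return (op, int(tokens[i + 1])), i + 2


def parse_access_list(line: str) -> Acl:
    """Parse 'access-list id action proto N src dst [vlan vid]' or
    'access-list id action tcp src OP port dst OP port [vlan vid]'."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list command")
    id_number, action = int(t[1]), t[2]
    if not 3000 <= id_number <= 3699:
        raise ValueError("numbered IPv4 ACL IDs must be 3000 to 3699")
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    src_port = dst_port = None
    if t[3] == "proto":
        proto, src, dst, i = int(t[4]), t[5], t[6], 7
    elif t[3] == "tcp":
        proto, src = 6, t[4]
        src_port, i = _parse_port(t, 5)
        dst = t[i]
        dst_port, i = _parse_port(t, i + 1)
    else:
        raise ValueError(f"unsupported match type {t[3]!r}")
    vid = None
    if i < len(t):                    # optional trailing "vlan vid"
        if t[i] != "vlan" or len(t) != i + 2:
            raise ValueError("trailing tokens must be 'vlan <vid>'")
        vid = int(t[i + 1])
    return Acl(id_number, action, proto, src, dst, vid, src_port, dst_port)


def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_ok(spec: Optional[Tuple], port: Optional[int]) -> bool:
    if spec is None:                  # proto-form ACL: ports not examined
        return True
    if port is None:                  # packet carries no L4 port
        return False
    op, *args = spec
    if op == "range":
        return args[0] <= port <= args[1]
    return {"eq": port == args[0], "ne": port != args[0],
            "lt": port < args[0], "gt": port > args[0]}[op]


def acl_matches(acl: Acl, pkt: Packet) -> bool:
    return (acl.proto == pkt.proto
            and (acl.vid is None or pkt.vid == acl.vid)
            and _addr_ok(acl.src, pkt.src) and _addr_ok(acl.dst, pkt.dst)
            and _port_ok(acl.src_port, pkt.src_port)
            and _port_ok(acl.dst_port, pkt.dst_port))


def port_decision(acls: List[Acl], pkt: Packet) -> str:
    """Action of the first matching ACL (assumed order); 'permit' if none."""
    for acl in acls:
        if acl_matches(acl, pkt):
            return acl.action
    return "permit"


if __name__ == "__main__":
    rule = parse_access_list("access-list 3011 deny proto 17 152.12.45.0/24 any vlan 12")
    print(port_decision([rule], Packet(17, "152.12.45.9", "10.0.0.1", vid=12)))
```

Running the module evaluates the page's own rule 3011 against a constructed UDP packet from 152.12.45.9 tagged with VID 12, which is denied; the same packet untagged, or tagged with VID 13, falls through to the default and is forwarded, which is the behaviour a reviewer should expect when an ACL carries the vlan parameter.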
