Allied Telesis AT-FS970M Series User Manual

Page 1552

Chapter 97: ACL Commands

ipaddress/mask: Matches packets that have a destination IP
address of a specific subnet or end node.

host ipaddress: Matches packets with a destination IP address
of a specific end node. The HOST keyword indicates that the
address is of a specific end node and that no mask is required.

vlan

Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.

Mode

Global Configuration mode

Description

Use this command to create Numbered IPv4 ACLs that identify traffic
flows based on ICMP and source and destination IP addresses.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1619 and “SHOW INTERFACE
ACCESS-GROUP” on page 1621

Examples

This example adds a deny access list to port 16 so that it discards all
untagged ingress packets that are ICMP, regardless of their source or
destination address. The access list is assigned the ID number 3012.
Since the VID parameter is not included, this ACL applies to untagged
packets:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 3012 deny icmp any any
awplus(config)# interface port1.0.16
awplus(config_if)# access-group 3012
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.16 access-group
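
The tagged/untagged behavior described above, modeled in Python as an added example (not part of the manual or of Allied Telesis software). It assumes the source address takes the same three forms as the destination and that an optional `vlan VID` comes last on the line; the sample packets are constructed.

```python
import ipaddress

def parse_acl(line):
    """Parse 'access-list ID ACTION icmp SRC DST [vlan VID]' (assumed layout)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "icmp":
        raise ValueError("not a numbered ICMP ACL: " + line)
    pos, nets = 4, []
    for _ in range(2):                       # source first, then destination
        if tok[pos] == "any":
            nets.append(None)
            pos += 1
        elif tok[pos] == "host":             # single end node, no mask needed
            nets.append(ipaddress.ip_network(tok[pos + 1] + "/32"))
            pos += 2
        else:                                # ipaddress/mask form
            nets.append(ipaddress.ip_network(tok[pos], strict=False))
            pos += 1
    vid = None                               # no VID: ACL filters untagged packets
    if pos < len(tok):
        if tok[pos] != "vlan" or pos + 2 != len(tok):
            raise ValueError("unexpected trailing tokens: " + line)
        vid = int(tok[pos + 1])
        if not 1 <= vid <= 4094:
            raise ValueError("VID must be between 1 and 4094")
    return {"id": int(tok[1]), "action": tok[2],
            "src": nets[0], "dst": nets[1], "vid": vid}

def matches(acl, pkt):
    """True if the packet falls in the traffic flow the ACL identifies."""
    if pkt["proto"] != "icmp" or pkt["vid"] != acl["vid"]:
        return False                         # vid None means an untagged packet
    return all(acl[k] is None or ipaddress.ip_address(pkt[k]) in acl[k]
               for k in ("src", "dst"))

# Constructed sample packets (not from the manual).
UNTAGGED = {"proto": "icmp", "src": "192.0.2.7", "dst": "192.0.2.9", "vid": None}
TAGGED = dict(UNTAGGED, vid=10)

if __name__ == "__main__":
    acl = parse_acl("access-list 3012 deny icmp any any")   # from the manual
    for name, pkt in (("untagged", UNTAGGED), ("tagged vid 10", TAGGED)):
        print(name, "->", acl["action"] if matches(acl, pkt) else "no match")
```

Under this model, ACL 3012 leaves tagged ICMP untouched, so a port that also carries tagged traffic needs a separate ACL with a VID to apply the same rule to it.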
