Allied Telesis AT-9000 Series User Manual

AT-9000 Switch Command Line User’s Guide

host ipaddress: Matches packets with a specified IPv4 address
and is an alternative to the IPADDRESS/MASK variable for
addresses of end nodes. The HOST keyword indicates that the
IPv4 address is assigned to a specific end node and that no mask
is required.

The VLAN parameter determines if an ACL filters VLANs. You use the
parameter to specify the VID. You can specify one VID per command. If
you omit this parameter, the ACL applies to all traffic. In other words, no
filtering is done by the ACL based on the VLAN.

The following tables provide several examples of the command.
Table 122 creates a Numbered IPv4 ACL with an ID number of 3097
that blocks all untagged ingress packets with the specified destination
address of 149.107.22.0/24:

The example in Table 123 creates two Numbered IPv4 ACLs that block all
traffic from the specified subnets 149.87.201.0/24 and 149.87.202.0/24.

If you want a port to forward a subset of packets of a more-specific traffic
flow, you have to create a permit ACL for the permitted packets and a

Table 122. Blocking Ingress Packets Example

| Command | Description |
|---|---|
| `awplus> enable` | Enter the Privileged Executive mode from the User Executive mode. |
| `awplus# configure terminal` | Enter the Global Configuration mode. |
| `awplus(config)# access-list 3097 deny ip any 149.107.22.0/24` | Create the deny ACL with the ACCESS-LIST IP command. |

Table 123. Blocking Traffic with Two IPv4 Addresses

| Command | Description |
|---|---|
| `awplus> enable` | Enters the Privileged Executive mode from the User Executive mode. |
| `awplus# configure terminal` | Enters the Global Configuration mode. |
| `awplus(config)# access-list 3104 deny ip 149.87.201.0/24 any` | Creates the deny ACL for the packets from the 149.87.201.0/24 subnet. |
| `awplus(config)# access-list 3105 deny ip 149.87.202.0/24 any` | Creates the deny ACL for the packets from the 149.87.202.0/24 subnet. |
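
The address matching in Tables 122 and 123 can be checked offline before the ACLs are applied. The Python below is an added example, not code from the Allied Telesis manual: it models only the `access-list <id> permit|deny ip <source> <destination>` form with `any`, `host ipaddress` and `ipaddress/mask`, and the function names are hypothetical. It assumes nothing about VLAN filtering, port assignment or the order in which the switch evaluates ACLs.

```python
import ipaddress
import re

# Only the form shown on this page: access-list <id> <action> ip <source> <destination>
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(.+)$")

def parse_addr(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D/len."""
    if not tokens:
        raise ValueError("missing address")
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        if not tokens:
            raise ValueError("host keyword without an address")
        return ipaddress.ip_network(tokens.pop(0) + "/32")  # HOST needs no mask
    # This script's own choice (not documented switch behaviour): an entry such as
    # 149.107.22.5/24, with host bits set, is rejected as a probable typing error.
    return ipaddress.ip_network(tok, strict=True)

def parse_acl(line):
    """Parse one command, with or without the awplus(config)# prompt."""
    m = ACL_RE.match(line.split("#")[-1].strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    tokens = m.group(3).split()
    src, dst = parse_addr(tokens), parse_addr(tokens)
    if tokens:
        raise ValueError(f"trailing parameters not modelled: {tokens}")
    return {"id": int(m.group(1)), "action": m.group(2), "src": src, "dst": dst}

def matching_acls(acls, src_ip, dst_ip):
    """Return (id, action) for every ACL whose source and destination both match."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return [(a["id"], a["action"]) for a in acls if s in a["src"] and d in a["dst"]]

# The three commands from Tables 122 and 123.
CONFIG = [
    "awplus(config)# access-list 3097 deny ip any 149.107.22.0/24",
    "awplus(config)# access-list 3104 deny ip 149.87.201.0/24 any",
    "awplus(config)# access-list 3105 deny ip 149.87.202.0/24 any",
]
ACLS = [parse_acl(line) for line in CONFIG]

if __name__ == "__main__":
    # Constructed test packets (source, destination).
    for pkt in [("10.0.0.5", "149.107.22.40"), ("149.87.202.9", "149.107.22.1"),
                ("149.87.203.9", "10.1.1.1")]:
        print(pkt, "->", matching_acls(ACLS, *pkt) or "no ACL on this page matches")
```

A packet from 149.87.203.0/24 matches none of the three entries, which shows how a deny list built one /24 at a time leaves neighbouring subnets unfiltered.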
