Figure 89: acl example 4 figure 90: acl example 5 – Allied Telesis AT-S63 User Manual
Page 301
AT-S63 Management Software Menus Interface User’s Guide
Section II: Advanced Operations
301
In this example, the traffic on ports 14 and 15 is restricted to packets from
the source subnet 149.44.44.0. All other IP traffic is denied. Classifier ID
11, which specifies the traffic flow to be permitted by the ports, is assigned
to an ACL with an action of permit. Classifier ID 17 specifies all IP traffic
and is assigned to an ACL whose action is deny. Since a permit ACL
overrides a deny ACL, the port will accept the traffic from the 149.44.44.0
subnet even though that traffic also happens to meet the criteria of the
deny ACL.
Figure 89. ACL Example 4
This example limits the traffic on port 22 to HTTPS web traffic intended for
the end node with the IP address 149.55.55.55, while rejecting all other IP
traffic. (The Dst IP Mask field in classifier 6 is left empty because you do
not need to specify a mask for the source or destination IP address of an
end node. If you want to include a mask, it would be 255.255.255.255.)
Figure 90. ACL Example 5
Create Access Control Lists (ACL)
1 - ACL ID ................. 21
2 - Description .......... 149.44.44-permit
3 - Action .................. Permit
4 - Classifier List ...... 11
5 - Port List .............. 14,15
Create Classifier
01 - Classifier ID: ..... 11
02 - Description: ....... 149.44.44-flow
.
.
12 - Src IP Addr: ....... 149.44.44.0
13 - Src IP Mask: ...... 255.255.255.0
Create Access Control Lists (ACL)
1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 14,15
Create Classifier
01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP
Create Access Control Lists (ACL)
1 - ACL ID ................. 4
2 - Description .......... Web - permit
3 - Action .................. Permit
4 - Classifier List ...... 6
5 - Port List .............. 22
Create Classifier
01 - Classifier ID: ...... 6
02 - Description: ....... 55.55 HTTPS
.
.
14 - Dst IP Addr: ....... 149.55.55.55
15 - Dst IP Mask: ......
.
17 - TCP Dst Port: ..... 443
Create Access Control Lists (ACL)
1 - ACL ID ................. 5
2 - Description .......... All IP - deny
3 - Action .................. Deny
4 - Classifier List ...... 17
5 - Port List .............. 22
Create Classifier
01 - Classifier ID: ..... 17
02 - Description: ....... All IP flow
.
.
08 - Protocol: ............ IP