Assigning Named IPv4 and IPv6 ACLs to VTY Lines – Allied Telesis AT-9000 Series User Manual


AT-9000 Switch Command Line User’s Guide


Assigning Named IPv4 and IPv6 ACLs to VTY Lines

When you create a named IPv4 or IPv6 ACL, you enter the commands in
the IP ACL command mode or the Configuration IPv6 ACL command
mode, respectively. The following examples show how to assign IPv4 and
IPv6 ACLs to VTY lines. See the following:

“Assigning Named IPv4 ACLs to VTY Lines” on page 1191

“Assigning Named IPv6 ACLs to VTY Lines” on page 1192

Assigning Named IPv4 ACLs to VTY Lines

This example creates a Named IPv4 ACL, called “deny-all-but-one,” that
grants IP address 10.0.0.7 full access to the switch and then denies all IP
addresses access to the switch. Then deny-all-but-one is assigned to all
ten VTY lines with the ACCESS-CLASS command. The result of this
example is that only IP address 10.0.0.7 has remote access to the switch.
See Table 137.

Table 137. Assigning MAC ACLs to VTY Lines Example (Continued)

| Command | Description |
|---|---|
| awplus(config)# mac access-list 4000 permit ip host 10.0.0.5 host 10.0.0.20 | Creates an ACL with an ID number of 4000 that allows IP address 10.0.0.5 full access to the switch. |
| awplus(config)# mac access-list 4001 deny ip any host 10.0.0.20 | Creates an ACL with an ID number of 4001 that denies all IP addresses access to the switch. |
| awplus(config)# line vty 0 9 | Access the LINE VTY mode for lines 0 through 9. |
| awplus(config-line)# access-class 4000 | Assigns ACL 4000 to VTY lines 0 through 9. |
| awplus(config-line)# access-class 4001 | Assigns ACL 4001 to VTY lines 0 through 9. |
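
An added example, not taken from the manual: a Python check that parses the Table 137 commands and reports which VTY lines have an ACL assigned and which source addresses they permit. It assumes the assigned ACLs are evaluated in assignment order with the first match deciding, and that 10.0.0.20 is the switch's own address, as the table's descriptions imply; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed transcript; the commands themselves are the ones in Table 137.
SESSION = """\
awplus(config)# mac access-list 4000 permit ip host 10.0.0.5 host 10.0.0.20
awplus(config)# mac access-list 4001 deny ip any host 10.0.0.20
awplus(config)# line vty 0 9
awplus(config-line)# access-class 4000
awplus(config-line)# access-class 4001
"""
ACL_RE = re.compile(r"mac access-list (\d+) (permit|deny) ip (any|host \S+) (any|host \S+)$")
VTY_RE = re.compile(r"line vty (\d+) (\d+)$")
CLASS_RE = re.compile(r"access-class (\d+)$")

def parse(session):
    """Return (acls, vty); vty maps a VTY line number to its ACL IDs in assignment order."""
    acls, vty, current = {}, {}, []
    for raw in session.splitlines():
        cmd = raw.split("# ", 1)[-1].strip()   # drop the CLI prompt
        if m := ACL_RE.match(cmd):
            acls[m[1]] = (m[2], m[3], m[4])     # action, source, destination
        elif m := VTY_RE.match(cmd):
            current = list(range(int(m[1]), int(m[2]) + 1))
        elif (m := CLASS_RE.match(cmd)) and current:
            for line in current:
                vty.setdefault(line, []).append(m[1])
    return acls, vty

def hit(spec, addr):
    """True when an 'any' or 'host A.B.C.D' operand covers addr."""
    return spec == "any" or ipaddress.ip_address(spec.split()[1]) == ipaddress.ip_address(addr)

def decide(acls, acl_ids, src, dst):
    """Assumed semantics: first matching ACL wins; None means nothing matched."""
    for acl_id in acl_ids:
        action, s, d = acls.get(acl_id, (None, None, None))
        if action and hit(s, src) and hit(d, dst):
            return action
    return None

def audit(session, switch_ip, sources, lines=range(10)):
    """Report VTY lines with no ACL, undefined ACL IDs, and lines that permit each source."""
    acls, vty = parse(session)
    return {
        "uncovered": [n for n in lines if not vty.get(n)],
        "undefined": sorted({i for ids in vty.values() for i in ids if i not in acls}),
        "permit": {s: [n for n in lines if decide(acls, vty.get(n, []), s, switch_ip) == "permit"]
                   for s in sources},
    }

if __name__ == "__main__":
    print(audit(SESSION, "10.0.0.20", ["10.0.0.5", "10.0.0.7"]))
```

A non-empty "uncovered" or "undefined" list means some VTY line is not restricted by the intended ACL pair; what the switch does when no assigned ACL matches is not modelled here.
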

Table 138. Assigning Named IPv4 ACLs to VTY Lines Example

| Command | Description |
|---|---|
| awplus> enable | Enter the Privileged Executive mode from the User Executive mode. |
| awplus# configure terminal | Enter the Global Configuration mode. |
| awplus(config)# interface vlan10 | Enter the Port Interface mode for VLAN 10. |
