C613-50055-01 REV A Command Reference for x230 Series Edge Switches 719
AlliedWare Plus™ Operating System - Version 5.4.5-0.x
IPV4 SOFTWARE ACCESS CONTROL LIST (ACL) COMMANDS
ACCESS
-LIST (EXTENDED NUMBERED)
Mode Global Configuration
Default Any traffic controlled by a software ACL that does not explicitly match a filter is
denied.
Usage Use this command when configuring access-list for filtering IP software packets. To
enable backwards compatibility you can either create access-lists from within this
command, or you can enter access-list followed by only the number. This latter
method moves you to the IPv4 Extended ACL Configuration mode for the selected
access-list number, and from here you can configure your access-lists by using the
commands (access-list extended ICMP filter), (access-list extended IP filter), and
(access-list extended IP protocol filter).
The table IPv4 Software Access List Commands and Prompts shows the prompts at
which ACL commands are entered. See the relevant links shown for the Related
Commands.
Note that packets must match both the source and the destination details.
NOTE: Software ACLs will deny access unless explicitly permitted by an ACL action.
Examples You can enter the extended named ACL in the Global Configuration mode
together with the ACL filter entry on the same line, as in previous software releases
as shown below:
awplus# configure terminal
awplus(config)# access-list 101 deny ip 172.16.10.0 0.0.0.255
any
Alternatively, you can enter the extended named ACL in Global Configuration
mode before specifying the ACL filter entry in the IPv4 Extended ACL
Configuration mode, as shown below:
awplus# configure terminal
awplus(config)# access-list 101
awplus(config-ip-ext-acl)# deny ip 172.16.10.0 0.0.0.255 any
<destination> The destination address of the packets. You can specify a single
host, a subnet, or all destinations. The following are the valid
formats for specifying the destination:
any Matches any destination IP address.
host<ip-addr> Matches a single destination host with the
IP address given by <ip-addr> in dotted
decimal notation.
<ip-addr>
<reverse-mask>
An IPv4 address, followed by a reverse
mask in dotted decimal format. For
example, entering 192.168.1.1
0.0.0.255 is the same as entering
192.168.1.1/24. This matches any
destination IP address within the specified
subnet.
Parameter Description
To Next Page
Loading...
