
Allied Telesis AT-9000/28 - Creating Acls; Table 109. ACCESS-LIST Commands for Creating Acls

AT-9000 Switch Command Line User’s Guide
Section X: Network Management 1025
Creating ACLs
There are six commands for creating ACLs, one for each filtering criterion.
The commands are listed in Table 109.
This section focuses only on the ACCESS-LIST IP command, which is
used to filter packets based on source and destination IP addresses. For
descriptions of the other commands, refer to Chapter 68, “ACL
Commands” on page 1035.
Here is the format of the command for creating ACLs that filter packets
based on source and destination IP addresses:
access-list id_number action ip src_ipaddress dst_ipaddress [vlan vid]
This command is found in the Global Configuration mode.
The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. ACLs can be numbered in any order.
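An added example, not part of the Allied Telesis guide: a small Python linter that checks ACCESS-LIST IP lines in a saved configuration against the format and the 3000 to 3699 ID range described above, and flags reused IDs. The sample lines are constructed, ACTION, SRC, DST and TYPE are placeholder tokens, and treating vid as a decimal number is an assumption.

```python
ID_MIN, ID_MAX = 3000, 3699  # ID_NUMBER range stated in the guide

# Constructed sample lines. ACTION, SRC, DST and TYPE are placeholders: the
# linter treats action and address tokens as opaque and checks layout only.
SAMPLE_CONFIG = """\
access-list 3000 ACTION ip SRC DST
access-list 3105 ACTION ip SRC DST vlan 12
access-list 2999 ACTION ip SRC DST
access-list 3105 ACTION ip SRC DST
access-list 3200 ACTION ip SRC
access-list 3300 ACTION ip SRC DST vlan
access-list 3400 ACTION icmp SRC DST icmp-type TYPE
"""


def lint_ip_acls(config_text):
    """Return (line_number, message) findings for ACCESS-LIST IP lines."""
    findings = []
    first_seen = {}  # ACL ID -> line where it was first defined
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        tok = line.split()
        # Only the IP form is checked: access-list <id> <action> ip ...
        if len(tok) < 4 or tok[0].lower() != "access-list" or tok[3].lower() != "ip":
            continue
        if not tok[1].isdigit():
            findings.append((lineno, f"id_number {tok[1]!r} is not numeric"))
        else:
            acl_id = int(tok[1])
            if not ID_MIN <= acl_id <= ID_MAX:
                findings.append((lineno, f"id_number {acl_id} outside {ID_MIN}-{ID_MAX}"))
            if acl_id in first_seen:
                findings.append((lineno, f"id_number {acl_id} already used on line {first_seen[acl_id]}"))
            else:
                first_seen[acl_id] = lineno
        rest = tok[4:]
        # Assumption: vid is a decimal VLAN ID.
        has_vlan = len(rest) == 4 and rest[2].lower() == "vlan" and rest[3].isdigit()
        if len(rest) != 2 and not has_vlan:
            findings.append((lineno, "expected src_ipaddress dst_ipaddress [vlan vid]"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_ip_acls(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```

Lines using the other ACCESS-LIST forms (ICMP, PROTO, TCP, UDP, MAC) are skipped rather than validated.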
The ACTION parameter is the action that the port is to perform on packets
matching the filtering criteria of the ACL. Here are the possible actions:
permit - Forwards all ingress packets that match the ACL. Ports, by
default, accept all ingress packets. Consequently, a permit ACL is only

Table 109. ACCESS-LIST Commands for Creating ACLs

To: Create ACLs for source and destination IP addresses.
Use This Command: ACCESS-LIST id_number action IP src_ipaddress dst_ipaddress [VLAN vid]

To: Create ACLs for ICMP packets.
Use This Command: ACCESS-LIST id_number action ICMP src_ipaddress dst_ipaddress ICMP-TYPE icmp-type [VLAN vid]

To: Create ACLs for packets of specified protocols.
Use This Command: ACCESS-LIST id_number action PROTO protocol_number src_ipaddress dst_ipaddress [vlan vid]

To: Create ACLs that filter ingress packets based on TCP port numbers.
Use This Command: ACCESS-LIST id_number action TCP src_ipaddress EQ|LT|GT|NE|RANGE src_tcp_port dst_ipaddress EQ|LT|GT|NE|RANGE dst_tcp_port [VLAN vid]

To: Create ACLs that filter ingress packets based on UDP port numbers.
Use This Command: ACCESS-LIST id_number action UDP src_ipaddress EQ|LT|GT|NE|RANGE src_udp_port dst_ipaddress EQ|LT|GT|NE|RANGE dst_udp_port [VLAN vid]

To: Create ACLs for source and destination MAC addresses.
Use This Command: ACCESS-LIST id_number action src_mac_address|ANY src_mac_mask dst_mac_address|ANY dst_mac_mask
