AT-9000 Switch Command Line User’s Guide
Creating ACLs
This section provides examples of how to create all of the ACL types. See
the following:
“Creating Numbered IPv4 ACLs” on page 1199
“Creating Numbered MAC ACLs” on page 1211
For descriptions of the commands mentioned in these procedures, refer to
Chapter 74, “ACL Commands” on page 1229.
Creating Numbered IPv4 ACLs
Depending on the type of filter that you want to create, there are five
commands for creating Numbered IPv4 ACLs. These commands are listed
in Table 121. All of the commands for creating Numbered IPv4 ACLs begin
with “ACCESS-LIST” and are found in the Global Configuration mode.
For examples of the commands listed in Table 121, see the following:
“Numbered IPv4 ACL with IP Packets Examples” on page 1200
“Numbered IPv4 ACL with ICMP Packets Example” on page 1204
“Numbered IPv4 ACL with Protocol Packets Example” on page 1206
“Numbered IPv4 ACL with TCP Port Packets Example” on page 1207
“Numbered IPv4 ACL with UDP Port Packets Example” on page 1209
Table 121. ACCESS-LIST Commands for Creating Numbered IPv4 ACLs

To Do This Task: Create Numbered IPv4 ACLs for source and destination IPv4 addresses.
Use This Command: ACCESS-LIST id_number action IP src_ipaddress dst_ipaddress [VLAN vid]

To Do This Task: Create Numbered IPv4 ACLs for ICMP packets.
Use This Command: ACCESS-LIST id_number action ICMP src_ipaddress dst_ipaddress [VLAN vid]

To Do This Task: Create Numbered IPv4 ACLs for packets of specified protocols.
Use This Command: ACCESS-LIST id_number action PROTO protocol_number src_ipaddress dst_ipaddress [vlan vid]

To Do This Task: Create Numbered IPv4 ACLs that filter ingress packets based on TCP port numbers.
Use This Command: ACCESS-LIST id_number action TCP src_ipaddress EQ|LT|GT|NE|RANGE src_tcp_port dst_ipaddress EQ|LT|GT|NE|RANGE dst_tcp_port [VLAN vid]

To Do This Task: Create Numbered IPv4 ACLs that filter ingress packets based on UDP port numbers.
Use This Command: ACCESS-LIST id_number action UDP src_ipaddress EQ|LT|GT|NE|RANGE src_udp_port dst_ipaddress EQ|LT|GT|NE|RANGE dst_udp_port [VLAN vid]
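The following is an added example, not part of the AT-9000 guide: a small Python checker that validates the token order of the five ACCESS-LIST forms in Table 121, so that a malformed filter is caught before a configuration is applied. It assumes that the action and each address are single opaque tokens and that RANGE is followed by two port numbers; the IDs, actions and addresses in the sample lines are constructed for illustration.

```python
OPS = {"EQ", "LT", "GT", "NE", "RANGE"}  # port operators listed in Table 121
# a = address (opaque token, assumed), n = protocol number, p = operator + port(s)
FORMS = {"IP": "aa", "ICMP": "aa", "PROTO": "naa", "TCP": "apap", "UDP": "apap"}

def _num(s, lo, hi):
    return s.isascii() and s.isdigit() and lo <= int(s) <= hi

def _port_match(tok, i):  # consume 'operator port(s)', return the next index
    op = tok[i].upper() if i < len(tok) else ""
    if op not in OPS:
        raise ValueError(f"token {i + 1}: expected EQ|LT|GT|NE|RANGE")
    n = 2 if op == "RANGE" else 1  # assumption: RANGE takes two ports
    ports = tok[i + 1:i + 1 + n]
    if len(ports) != n or not all(_num(p, 0, 65535) for p in ports):
        raise ValueError(f"{op} needs {n} port number(s) in 0-65535")
    return i + 1 + n

def check_access_list(line):  # return the filter type or raise ValueError
    tok = line.split()
    if len(tok) < 4 or tok[0].upper() != "ACCESS-LIST" or not tok[1].isdigit():
        raise ValueError("expected: ACCESS-LIST id_number action type ...")
    kind, i = tok[3].upper(), 4  # tok[2] is the action, not validated here
    if kind not in FORMS:
        raise ValueError(f"unknown filter type {tok[3]!r}")
    for field in FORMS[kind]:
        if field == "p":
            i = _port_match(tok, i)
        elif i >= len(tok) or (field == "n" and not _num(tok[i], 0, 255)):
            raise ValueError(f"token {i + 1}: missing or invalid field")
        else:
            i += 1
    rest = [t.upper() for t in tok[i:]]  # optional VLAN vid, 802.1Q range
    if rest and not (len(rest) == 2 and rest[0] == "VLAN" and _num(rest[1], 1, 4094)):
        raise ValueError("trailing tokens must be 'VLAN vid' with vid 1-4094")
    return kind

def lint(lines):  # (line_number, filter type or "ERROR: ...") for each line
    def one(line):
        try:
            return check_access_list(line)
        except ValueError as err:
            return f"ERROR: {err}"
    return [(n, one(text)) for n, text in enumerate(lines, 1)]

SAMPLE = [  # constructed lines; IDs, actions and addresses are illustrative
    "access-list 3001 deny tcp any eq 23 192.168.10.0/24 range 1 1023 vlan 5",
    "ACCESS-LIST 3002 permit PROTO 89 any any",
    "access-list 3003 deny udp any 192.168.10.0/24 eq 161",  # src operator missing
]
```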