AT-9000 Switch Command Line User’s Guide
1245
host ipaddress— Matches packets with a specified IPv4 address
and is an alternative to the IPADRESS/MASK variable for
addresses of end nodes. The HOST keyword indicates that the
IPv4 address is assigned to a specific end node and that no mask
is required.
The VLAN parameter determines if an ACL filters VLANs. You use the
parameter to specify the VID. You can specify one VID per command. If
you omit this parameter, the ACL applies to all traffic. In other words, no
filtering is done by the ACL based on the VLAN.
The following tables provide several examples of the command. In
Table 123, a Numbered IPv4 ACL is created with an ID number of 3097,
that blocks all untagged ingress packets with the specified destination
address of 149.107.22.0/24:
The example in Table 124 creates two Numbered IPv4 ACLs that block all
traffic with specified subnets 149.87.201.0/24 and 149.87.202.0/24.
If you want a port to forward a subset of packets of a more-specific traffic
flow, you have to create a permit ACL for the permitted packets and a
Table 123. Blocking Ingress Packets Example
Command Description
awplus> enable Enter the Privileged Executive mode
from the User Executive mode.
awplus# configure terminal Enter the Global Configuration mode.
awplus(config)# access-list 3097 deny ip
any 149.107.22.0/24
Create the deny ACL with the
ACCESS-LIST IP command.
Table 124. Blocking Traffic with Two IPv4 Addresses
Command Description
awplus> enable Enters the Privileged Executive
mode from the User Executive
mode.
awplus# configure terminal Enters the Global Configuration
mode.
awplus(config)# access-list 3104 deny ip
149.87.201.0/24 any
Creates the deny ACL for the
packets from the 149.87.201.0/24
subnet.
awplus(config)# access-list 3105 deny ip
149.87.202.0/24 any
Creates the deny ACL for the
packets from the 149.87.202.0/24
subnet.
To Next Page
Loading...
Need help?
General
