Chapter 76: ACL Commands
1288
This example configures ports 22 and 23 to accept only untagged ingress
packets containing destination addresses in the 149.124.47.0 subnet. This
example requires both permit and deny ACLs because the permitted traffic
is a subset of all traffic on the ports. The permit ACL, ID number 3011,
specifies the 149.124.47.0 subnet and the deny ACL, ID number 3012,
defines all traffic. The permit access list is added first to the ports with the
ACCESS-GROUP command so that packets are compared against it first,
before the deny ACL:
awplus> enable
awplus# configure terminal
awplus(config)# access-list 3011 permit ip any 149.124.47.0/
24
awplus(config)# access-list 3012 deny ip any any
awplus(config)# interface port1.0.22,port1.0.23
awplus(config_if)# access-group 3011
awplus(config_if)# access-group 3012
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.22,port1.0.23 access-group
This example configures ports 17 and 18 to accept untagged ingress
packets from the 149.82.134.0 subnet, and to discard all other packets. As
in the previous example, both a permit access list and a deny access list
are required. The allowed traffic is defined with a permit ACL, which is
given the ID number 3022. The deny ACL, with the ID number 3101,
specifies all traffic:
awplus> enable
awplus# configure terminal
awplus(config)# access-list 3022 permit ip any 149.82.134.0/
24 vlan 22
awplus(config)# access-list 3010 deny ip any any
awplus(config)# interface port1.0.17,port1.0.18
awplus(config_if)# access-group 3022
awplus(config_if)# access-group 3101
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.17,port1.0.18 access-group
To Next Page
Loading...
Need help?
General
