Chapter 76: ACL Commands
1296
Mode
Global Configuration mode
Description
Use this command to create access control lists that filter ingress packets
based on TCP port numbers.
Confirmation Commands
“SHOW ACCESS-LIST” on page 1306 and “SHOW INTERFACE
ACCESS-GROUP” on page 1308
Examples
This example creates an ACL, ID number 3045, that discards all untagged
ingress TCP packets on port 5:
awplus> enable
awplus# configure terminal
awplus(config)# access-list 3045 deny tcp any
range 0 65535
any range 0 65535
awplus(config)# interface port1.0.5
awplus(config_if)# access-group 3045
This example creates an ACL that discards all untagged ingress packets
that have the source and destination TCP port number 165. The ACL is
applied to port 1 and assigned the ID number 3078:
awplus> enable
awplus# configure terminal
awplus(config)# access-list 3078 deny tcp any
eq 165 any
eq
165
awplus(config)# interface port1.0.1
awplus(config_if)# access-group 3078
This example defines an ACL that causes port 18 to discard all untagged
ingress TCP packets that have source and destination TCP port numbers
in the range of 12 to 100 and that are going to the 149.123.159.0 subnet.
The list is assigned the ID number 3126:
awplus> enable
awplus# configure terminal
awplus(config)# access-list 3126 deny tcp any range 12 100
149.123.159.0/24
range 12 100
awplus(config)# interface port1.0.18
awplus(config_if)# access-group 3126
To Next Page
Loading...
