AT-9000 Switch Command Line User’s Guide
Section X: Network Management 1029
that blocks all untagged ingress packets with the specified destination
address of 149.107.22.0/24:
The example in Table 109 creates two Numbered IPv4 ACLs that block all
traffic with specified subnets 149.87.201.0/24 and 149.87.202.0/24.
If you want a port to forward a subset of packets of a more-specific traffic
flow, you have to create a permit ACL for the permitted packets and a
deny ACL for the denied traffic flow. This is illustrated in the example in
Table 110 on page 1030 in which port 15 is configured to forward only
ingress packets from the 149.55.65.0/24 subnet and to discard all other
traffic. The permit ACL, which has the ID number 3015, specifies the
packets from the permitted subnet, while the deny ACL, with the ID
number 3011, specifies all traffic.
Table 108. Blocking Ingress Packets Example
Command Description
awplus> enable Enter the Privileged Executive mode
from the User Executive mode.
awplus# configure terminal Enter the Global Configuration mode.
awplus(config)# access-list 3097 deny ip
any 149.107.22.0/24
Create the deny ACL with the
ACCESS-LIST IP command.
Table 109. Blocking Traffic with Two IP Addresses
Command Description
awplus> enable Enters the Privileged Executive
mode from the User Executive
mode.
awplus# configure terminal Enters the Global Configuration
mode.
awplus(config)# access-list 3104 deny ip
149.87.201.0/24 any
Creates the deny ACL for the
packets from the 149.87.201.0/24
subnet.
awplus(config)# access-list 3105 deny ip
149.87.202.0/24 any
Creates the deny ACL for the
packets from the 149.87.202.0/24
subnet.
To Next Page
Loading...
