
Allied Telesis AT-9028 - Table 115. Numbered IPv4 ACL with TCP Port Packets Example

Allied Telesis AT-9028
1278 pages
AT-9000 Switch Command Line User’s Guide
Section X: Network Management 1037
24 and also if the source and destination TCP ports are in the range of 67
to 87. This example requires a permit ACL because the permitted traffic,
TCP packets with port numbers in the range of 67 to 87, is a subset of all
TCP packets on the port:
Numbered IPv4 ACL with UDP Port Packets Example

access-list id_number action udp src_ipaddress eq|lt|gt|ne|range src_udp_port dst_ipaddress eq|lt|gt|ne|range dst_udp_port vlan vid

The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.
The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:

- permit: Forwards all ingress packets that match the ACL. Ports, by default, accept all ingress packets. Consequently, a permit ACL is only necessary when you want a port to forward a subset of packets that are otherwise discarded.
- deny: Discards all ingress packets that match the ACL.
- copy-to-mirror: Copies all ingress packets that match the ACL to the destination port of the mirror port. This action must be used together with the port mirror feature, explained in Chapter 17, “Port Mirror” on page 313.

Table 115. Numbered IPv4 ACL with TCP Port Packets Example

| Command | Description |
| --- | --- |
| awplus> enable | Enter the Privileged Executive mode from the User Executive mode. |
| awplus# configure terminal | Enter the Global Configuration mode. |
| awplus(config)# access-list 3017 permit tcp 154.11.234.0/24 range 67 87 154.11.235.0/24 range 67 87 | Defines ACL 3017 to permit packets from TCP port 67 to 87 on IP addresses 154.11.234.0/24 to 154.11.235.0/24. |
| awplus(config)# access-list 3005 deny tcp any any range 67 87 | Defines ACL 3005 to deny packets from TCP ports 67 through 87 to any IPv4 address. |
| awplus(config)# interface port1.0.21 | Moves to the Port Interface mode for port 21. |
| awplus(config_if)# access-group 3017 | Applies ACL 3017 to the port with the ACCESS-GROUP command. |
| awplus(config_if)# access-group 3005 | Applies ACL 3005 to the port with the ACCESS-GROUP command. |
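
Added example (not from the Allied Telesis guide): a small Python pre-check for numbered IPv4 TCP/UDP ACL commands, built from the syntax, the 3000 to 3699 ID range and the three actions described on this page, for reviewing a change before it is entered on the switch. The function names, the 0-65535 port limit, and treating the port clauses and the vlan clause as optional are assumptions.

```python
import ipaddress
import re
ACTIONS = {"permit", "deny", "copy-to-mirror"}                # actions the page lists
OPERATORS = {"eq": 1, "lt": 1, "gt": 1, "ne": 1, "range": 2}  # operands per operator

def _take_address(tokens, errors):
    """Consume one address: 'any' or an IPv4 prefix, the two forms in Table 115."""
    tok = tokens.pop(0) if tokens else ""
    if tok != "any":
        try:
            ipaddress.IPv4Network(tok, strict=False)
        except ValueError:
            errors.append(f"bad IPv4 address: {tok or '(missing)'}")

def _take_ports(tokens, errors):
    """Consume an optional port clause, e.g. 'range 67 87'. Assumes ports are 0-65535."""
    if not tokens or tokens[0] not in OPERATORS:
        return
    op = tokens.pop(0)
    ports = [tokens.pop(0) for _ in range(min(OPERATORS[op], len(tokens)))]
    if len(ports) != OPERATORS[op] or not all(p.isdecimal() and int(p) <= 65535 for p in ports):
        errors.append(f"'{op}' needs {OPERATORS[op]} port number(s) in 0-65535")
    elif op == "range" and int(ports[0]) > int(ports[1]):
        errors.append("range start is greater than range end")

def lint_acl(line):
    """Return the problems found in one numbered IPv4 TCP/UDP access-list command."""
    tokens = re.sub(r"^\S*[#>]\s*", "", line.strip()).split()  # drop a CLI prompt
    if len(tokens) < 4 or tokens[0] != "access-list":
        return ["not an access-list command"]
    (acl_id, action, proto), rest, errors = tokens[1:4], tokens[4:], []
    if not acl_id.isdecimal() or not 3000 <= int(acl_id) <= 3699:
        errors.append(f"ID {acl_id} outside 3000-3699")
    if action not in ACTIONS:
        errors.append(f"unknown action: {action}")
    if proto not in ("tcp", "udp"):
        errors.append(f"protocol not covered by this check: {proto}")
    for _ in range(2):  # source address and ports, then destination address and ports
        _take_address(rest, errors)
        _take_ports(rest, errors)
    # Assumption: the trailing 'vlan vid' clause is optional.
    if rest and not (len(rest) == 2 and rest[0] == "vlan" and rest[1].isdecimal()):
        errors.append(f"unexpected trailing tokens: {' '.join(rest)}")
    return errors

if __name__ == "__main__":
    for cmd in ("awplus(config)# access-list 3005 deny tcp any any range 67 87",  # Table 115
                "access-list 2999 drop udp any range 87 67 any"):  # constructed, invalid
        print(cmd, "->", lint_acl(cmd) or "ok")
```

The check covers only the address forms that appear in Table 115 ('any' and address/prefix); any other address keyword the switch accepts is reported as a bad address.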
