C613-50631-01 Rev A Command Reference for IE340 Series 2019
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
IPV4 SOFTWARE ACCESS CONTROL LIST (ACL) COMMANDS
(ACCESS-LIST EXTENDED IP FILTER)
Mode Extended ACL Configuration
Default Any traffic controlled by a software ACL that does not explicitly match a filter is
denied.
Usage notes An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 4 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the
middle of an existing list by specifying the appropriate sequence number.
NOTE: The access control list being configured is selected by running the access-list
(extended numbered) command or the access-list extended (named) command with
the required access control list number or name, but with no further parameters
selected.
Software ACLs will deny access unless explicitly permitted by an ACL action.
Example 1 [list-number]
First use the following commands to enter the IPv4 Extended ACL Configuration
mode and define a numbered extended access-list 101:
awplus# configure terminal
awplus(config)# access-list 101
awplus(config-ip-ext-acl)#
Then use the following commands to add a new entry to the numbered extended
access-list 101 that will reject packets from 10.0.0.1 to 192.168.1.1:
awplus(config-ip-ext-acl)# deny ip host 10.0.0.1 host 192.168.1.1
awplus(config-ip-ext-acl)# 20 permit ip any any
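The following Python model is an added example, not part of the Allied Telesis reference or of AlliedWare Plus. It evaluates the Example 1 filters using the behaviour this page describes (implicit deny, sequence numbers, reverse masks). It assumes filters are checked in ascending sequence order with the first match deciding, and that "next available multiple of 4" means the first multiple above the highest sequence number in use; the SoftwareAcl class and all function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_addr(tokens):
    """Consume 'any' | 'host A' | 'A reverse-mask'; return (base, care_bits)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0                      # no bits compared: matches every address
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), MASK32
    base = int(ipaddress.IPv4Address(first))
    reverse = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, ~reverse & MASK32       # 1-bits in a reverse mask are "don't care"

class SoftwareAcl:
    """Hypothetical model of one extended ACL; not AlliedWare Plus code."""
    def __init__(self, step=4):          # step 4 as stated in the usage notes
        self.step = step
        self.filters = {}                # sequence number -> (action, src, dst)

    def add(self, line):
        """Add '[seq] permit|deny ip <source> <destination>'; return its sequence."""
        tokens = line.split()
        if tokens[0].isdigit():
            seq = int(tokens.pop(0))     # explicit number: may land mid-list
        else:                            # assumption: first multiple above the highest in use
            seq = (max(self.filters, default=0) // self.step + 1) * self.step
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported filter: {line!r}")
        self.filters[seq] = (action, parse_addr(tokens), parse_addr(tokens))
        return seq

    def evaluate(self, src, dst):
        """Return (action, matching sequence); (deny, None) is the implicit default."""
        s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
        for seq in sorted(self.filters): # assumption: ascending order, first match wins
            action, (sb, sc), (db, dc) = self.filters[seq]
            if ((s ^ sb) & sc) == 0 and ((d ^ db) & dc) == 0:
                return action, seq
        return "deny", None

def example_1():
    """The two filters from Example 1 above (ACL 101)."""
    acl = SoftwareAcl()
    acl.add("deny ip host 10.0.0.1 host 192.168.1.1")
    acl.add("20 permit ip any any")
    return acl
```

Removing the `20 permit ip any any` filter from the model makes every packet other than the explicitly denied pair fall through to the implicit deny as well, which is the usual cause of an ACL that blocks more than intended.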
Example 2 [list-name]
First use the following commands to enter the IPv4 Extended ACL Configuration
mode and define a named access-list called ‘my-acl’:
awplus# configure terminal
awplus(config)# access-list extended my-acl
awplus(config-ip-ext-acl)#
Parameter        Description
<destination>    The destination address of the packets. You can specify a single
                 host, a subnet, or all destinations. The following are the valid
                 formats for specifying the destination:
                 any                        Matches any destination IP address.
                 host <ip-addr>             Matches a single destination host with the
                                            IP address given by <ip-addr> in dotted
                                            decimal notation.
                 <ip-addr> <reverse-mask>   Alternatively, enter an IPv4 address
                                            followed by a reverse mask in dotted
                                            decimal format. For example, enter
                                            192.168.1.1 0.0.0.255.