Support User Manuals

Allied Telesis AT-S63 Dust Collector User Manual

Open as PDF

of 514

Chapter 11: Access Control Lists

128 Section II: Advanced Operations

In this example, the traffic on ports 14 and 15 is restricted to packets from

the source subnet 149.44.44.0. All other IP traffic is denied. Classifier ID

11, which specifies the traffic flow to be permitted by the ports, is assigned

to an ACL with an action of permit. Classifier ID 17 specifies all IP traffic

and is assigned to an ACL whose action is deny. Since a permit ACL

overrides a deny ACL, the port will accept the traffic from the 149.44.44.0

subnet, while discarding all other IP traffic, even though that traffic also

happens to meet the criteria of the deny ACL.

Figure 9. ACL Example 4

This example limits the traffic on port 22 to HTTPS web traffic intended for

the end node with the IP address 149.55.55.55, and rejects all other IP

traffic. (The Dst IP Mask field in classifier 6 is left empty because a mask is

not required for a source or destination IP address for a specific end node.

If you wanted to include it, it would be 255.255.255.255.)

Figure 10. ACL Example 5

Create Access Control Lists (ACL)

1 - ACL ID ................. 21

2 - Description .......... 149.44.44-permit

3 - Action .................. Permit

4 - Classifier List ...... 11

5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 11

02 - Description: ....... 149.44.44-flow

.

.

12 - Src IP Addr: ....... 149.44.44.0

13 - Src IP Mask: ...... 255.255.255.0

Create Access Control Lists (ACL)

1 - ACL ID ................. 5

2 - Description .......... All IP - deny

3 - Action .................. Deny

4 - Classifier List ...... 17

5 - Port List .............. 14,15

Create Classifier

01 - Classifier ID: ..... 17

02 - Description: ....... All IP flow

.

.

08 - Protocol: ............ IP

Create Access Control Lists (ACL)

1 - ACL ID ................. 4

2 - Description .......... Web - permit

3 - Action .................. Permit

4 - Classifier List ...... 6

5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ...... 6

02 - Description: ....... 55.55 HTTPS

.

.

14 - Dst IP Addr: ....... 149.55.55.55

15 - Dst IP Mask: ......

.

17 - TCP Dst Port: ..... 443

Create Access Control Lists (ACL)

1 - ACL ID ................. 5

2 - Description .......... All IP - deny

3 - Action .................. Deny

4 - Classifier List ...... 17

5 - Port List .............. 22

Create Classifier

01 - Classifier ID: ..... 17

02 - Description: ....... All IP flow

.

.

08 - Protocol: ............ IP

previous next