Chapter 98: Advanced Access Control Lists (ACLs)
Here is an example of an ACL that filters tagged packets. See Table 164.
It blocks all tagged packets with the VID 14 from ports 5 and 6. The ACL is
assigned an ID number of 3122:

Table 164. ACL Filters Tagged IPv4 Packets Example

| Command | Description |
|---|---|
| awplus> enable | Enter the Privileged Executive mode from the User Executive mode. |
| awplus# configure terminal | Enter the Global Configuration mode. |
| awplus(config)# access-list 3122 deny ip any any vlan 14 | Create the deny ACL with the ACCESS-LIST IP command. |
| awplus(config)# interface port1.0.5,port1.0.6 | Move to the Port Interface mode for ports 5 and 6. |
| awplus(config_if)# access-group 3122 | Apply the ACL to the port with the ACCESS-GROUP command. |
| awplus(config_if)# end | Return to the Privileged Exec mode. |
| awplus# show access-list | Confirm the configuration of the ACL. |
| awplus# show interface port1.0.5,port1.0.6 access-group | Confirm that the ACL has been added to the port. |

Numbered IPv4 ACL with ICMP Packets Example

This is the command format for creating Numbered IPv4 ACLs that filter
ICMP packets based on source and destination IPv4 addresses:

access-list id_number action icmp src_ipaddress dst_ipaddress [vlan vid]

The ID_NUMBER parameter assigns the ACL a unique ID number in the
range of 3000 to 3699. Within this range, you can number ACLs in any
order.

The ACTION parameter specifies the action that the port performs on
packets matching the filtering criteria of the ACL. Here are the possible
actions:

permit - Forwards all ingress packets that match the ACL. Ports,
by default, accept all ingress packets. Consequently, a permit ACL