Quality of Service
92
ACL configuration examples
Configure Access Control Lists (CLI example)
The following configuration examples illustrate how to use Access Control Lists (ACLs) to block traffic.
These basic configurations illustrate common principles of ACL filtering.
NOTE: Each ACL filters traffic that ingresses on the port to which the ACL is added. The egrport
classifier filters traffic that ingresses the port to which the ACL is added, and then egresses the port
specified by egrport. In most common configurations, egrport is not used.
• Example 1 Use this configuration to block traffic to a specific host.
>> Main# /cfg/acl/acl 255 (Define ACL 255)
>> ACL 255# ipv4/dip 100.10.1.116 255.255.255.255
>> Filtering IPv4# ..
>> ACL 255# action deny
>> ACL 255# /cfg/port 20/aclqos (Add ACL to port 20)
>> Port 20 ACL# add acl 255
>> Port 20 ACL# apply
>> Port 20 ACL# save
In this example, all traffic that ingresses on port 20 is denied if it is destined for the host at IP
address 100.10.1.116.
• Example 2 Use this configuration to block traffic from a network destined for a specific host
address.
>> Main# /cfg/acl/acl 256 (Define ACL 256)
>> ACL 256# ipv4/sip 100.10.1.0 255.255.255.0
>> ACL 256# ipv4/dip 200.20.1.116 255.255.255.255
>> Filtering IPv4# ..
>> ACL 256# action deny
>> ACL 256# /cfg/port 20/aclqos (Add ACL to port 20)
>> Port 20 ACL# add acl 256
>> Port 20 ACL# apply
>> Port 20 ACL# save
In this example, all traffic that ingresses on port 20 with source IP from the class 100.10.1.0/24
and destination IP 200.20.1.116 is denied.
