Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001945-01
Extended ACL Config Commands
Whenever the interface receives a packet, its content is checked against the ACEs in the ACL. The
packet is allowed or denied based on the ACL configuration.
• Filtering on protocol types tcp/udp allows the user to specify port numbers as filtering criteria.
• Select icmp to allow/deny icmp packets. Selecting icmp provides the option of filtering icmp
  packets based on icmp type and code.
NOTE
The log option is functional only for router ACLs. The log option sends an informational logging
message to the console for the packet that matches the entry.
Example
The following example denies traffic between two subnets:
RFS7000(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies tcp traffic with a source port range of 20 - 23 from the source
subnet to the destination subnet:
RFS7000(config-ext-nacl)#deny tcp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies udp traffic with a source port range of 20 - 23 from the source
subnet to the destination subnet:
RFS7000(config-ext-nacl)#deny udp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies icmp traffic from any source to any destination. The keyword any is
used to match any source or destination IP address.
RFS7000(config-ext-nacl)#deny icmp any any
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
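The sketch below is an added example, not code from the guide or the controller: it models the tcp ACL above in Python so a rule set can be checked against sample packets before it is applied. It assumes ACEs are evaluated top to bottom with the first match deciding, and that the range is tested against the source port as the text states; the function names and packets are constructed for illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse 'action proto src dst [range lo hi]', the form used in the examples."""
    tok = line.split()
    if len(tok) not in (4, 7) or tok[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    if len(tok) == 7 and tok[4] != "range":
        raise ValueError(f"unsupported ACE: {line!r}")
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    ports = (int(tok[5]), int(tok[6])) if len(tok) == 7 else None
    return {"action": tok[0], "proto": tok[1], "src": net(tok[2]),
            "dst": net(tok[3]), "ports": ports}

def ace_matches(ace, pkt):
    """True when the packet matches protocol, both subnets and any port range."""
    if ace["proto"] not in ("ip", pkt["proto"]):  # 'ip' covers every protocol
        return False
    if ipaddress.ip_address(pkt["src"]) not in ace["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ace["dst"]:
        return False
    if ace["ports"] is None:
        return True
    lo, hi = ace["ports"]
    # Assumption: the range is tested against the source port, as the text states.
    return "sport" in pkt and lo <= pkt["sport"] <= hi

def evaluate(acl_lines, pkt):
    """Return (action, matching line) for the first matching ACE, else (None, None)."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):  # assumed first-match semantics
            return ace["action"], line
    return None, None

# Constructed sample data: the tcp ACL from this page and two test packets.
ACL_TCP = ["deny tcp 192.168.1.0/24 192.168.2.0/24 range 20 23",
           "permit ip any any"]
SHADOWED = list(reversed(ACL_TCP))  # same ACEs with the permit entered first
PKT_P23 = {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.2.5", "sport": 23}
PKT_P80 = {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.2.5", "sport": 80}

if __name__ == "__main__":
    for name, acl in (("as documented", ACL_TCP), ("permit first", SHADOWED)):
        for pkt in (PKT_P23, PKT_P80):
            print(name, "sport", pkt["sport"], "->", evaluate(acl, pkt)[0])
```

Under the first-match assumption, entering `permit ip any any` ahead of the deny leaves the deny unreachable, which is why every example above lists the deny first.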