Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

368

Brocade Mobility RFS7000-GR CLI Reference Guide

53-1001945-01

Extended ACL Config Commands

14

Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL.
It is allowed based on the ACL configuration.

•

Filtering on Protocol types tcp/udp allows the user to specify port numbers as filtering criteria.

•

Select the protocol type icmp to allow/deny icmp packets. Selecting icmp allows filtering of
icmp packets based on icmp type and code.

NOTE

The log option is functional only for router ACL’s. The log option causes an informational logging
message about the packet matching the entry sent to the console.

Example
The example below allows IP traffic from the source subnet to destination subnet and denies all
other traffic over an interface.

RFS7000(config-ext-nacl)#permit ip 192.168.1.10/24 192.168.2.0/24 rule-precedence

40

RFS7000(config-ext-nacl)#

The example below permits telnet from the source subnet and the destination subnet and denies
all other traffic over an interface.

RFS7000(config-ext-nacl)#permit tcp 192.168.4.0/24 192.168.5.0/24 eq 23 rule-pre

cedence 10

RFS7000(config-ext-nacl)#

The example below permits icmp based traffic and denies all other traffic over an interface.

RFS7000(config-ext-nacl)#permit icmp any any rule-precedence 30

RFS7000(config-ext-nacl)#)#