Numbered acls, Named acls – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide, 53-1002440-03, page 80

ACLs and ICMP (chapter 2)


Also, to create ACL policies that filter ICMP message types, you can either enter the name of the
message type or enter its type and code numbers. Furthermore, ICMP message type filtering is now
available for rule-based ACLs on BigIron Layer 2 Switch and Layer 3 Switch images.

Numbered ACLs

For example, to deny the echo message type in a numbered ACL, enter commands such as the
following.

ServerIronADX(config)# access-list 109 deny ICMP any any echo

or

ServerIronADX(config)# access-list 109 deny ICMP any any 8 0

Syntax: [no] access-list <num>

Syntax: deny | permit icmp <source-ip-address> | <source-ip-address/subnet-mask> | any | host <source-host> <destination-ip-address> | <destination-ip-address/subnet-mask> | any | host <destination-host> <icmp-type> | <icmp-type-number> <icmp-code-number>

The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.

You can either enter the name of the message type for <icmp-type> or the type number and code
number of the message type. Refer to Table 5 on page 81 for valid values.

Named ACLs

For example, to deny the administratively-prohibited message type in a named ACL, enter
commands such as the following.

ServerIronADX(config)# ip access-list extended melon

ServerIronADX(config-ext-nacl)# deny ICMP any any administratively-prohibited

or

ServerIronADX(config)# ip access-list extended melon

ServerIronADX(config-ext-nacl)# deny ICMP any any 3 13

Syntax: [no] ip access-list extended <acl-num> | <acl-name>

Syntax: deny | permit icmp <source-ip-address> | <source-ip-address/subnet-mask> | any | host <source-host> <destination-ip-address> | <destination-ip-address/subnet-mask> | any | host <destination-host> <icmp-type> | <icmp-type-number> <icmp-code-number>

The extended parameter indicates the ACL entry is an extended ACL.

The <acl-name> | <acl-num> parameter allows you to specify an ACL name or number. If using a
name, specify a string of up to 256 alphanumeric characters. You can use blanks in the ACL name
if you enclose the name in quotation marks (for example, “ACL for Net1”). The <acl-num>
parameter allows you to specify an ACL number if you prefer. If you specify a number, enter a
number from 100 – 199 for extended ACLs.
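As an added example (not from the Brocade guide), the following Python normalizes ICMP entries written in either form shown under Numbered ACLs and Named ACLs above into (type, code) pairs, so a configuration audit can confirm that an ACL denies a given message type whichever spelling the operator used. The keyword table covers only the two keywords that appear on this page, and the SAMPLE_CONFIG lines are constructed from the commands above.

```python
# (type, code) pairs for the two keyword forms shown on this page; other
# ServerIron ADX keywords come from Table 5 of the guide (not reproduced).
ICMP_KEYWORDS = {"echo": (8, 0), "administratively-prohibited": (3, 13)}

def parse_icmp_ace(line):
    """Parse one ICMP entry (numbered or named form); None if the line is not one."""
    toks = line.split()
    try:
        acl, i = (toks[1], 2) if toks[0] == "access-list" else (None, 0)
        if toks[i].lower() not in ("deny", "permit") or toks[i + 1].lower() != "icmp":
            return None
        action, i = toks[i].lower(), i + 2
        addrs = []
        for _ in range(2):  # source operand, then destination operand
            n = 2 if toks[i].lower() == "host" else 1  # "host <ip>" is two tokens
            addrs.append(" ".join(toks[i:i + n]))
            i += n
    except IndexError:
        return None
    rest = toks[i:]
    if len(rest) == 2 and all(t.isdigit() for t in rest):      # <type> <code> form
        icmp = (int(rest[0]), int(rest[1]))
    elif len(rest) == 1 and rest[0].lower() in ICMP_KEYWORDS:  # keyword form
        icmp = ICMP_KEYWORDS[rest[0].lower()]
    else:
        return None
    return {"acl": acl, "action": action, "src": addrs[0], "dst": addrs[1], "icmp": icmp}

def denied_icmp(lines):
    """Map each ACL (number or name) to the set of ICMP (type, code) pairs it denies."""
    denied, current = {}, None  # current = named ACL opened by "ip access-list extended"
    for line in lines:
        if line.startswith("ip access-list extended "):
            current = line.split()[-1]
            continue
        ace = parse_icmp_ace(line)
        key = (ace["acl"] or current) if ace else None
        if key and ace["action"] == "deny":
            denied.setdefault(key, set()).add(ace["icmp"])
    return denied

# Constructed sample: the four commands from this page, without the CLI prompts.
SAMPLE_CONFIG = [
    "access-list 109 deny ICMP any any echo",
    "access-list 109 deny ICMP any any 8 0",
    "ip access-list extended melon",
    "deny ICMP any any administratively-prohibited",
    "deny ICMP any any 3 13",
]
```

Running `denied_icmp(SAMPLE_CONFIG)` collapses each keyword and its numeric twin into one entry, giving `{"109": {(8, 0)}, "melon": {(3, 13)}}`.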
