Brocade Network OS Command Reference v4.1.0 User Manual

Page 684


53-1003115-01

seq (extended IP ACLs)

range

The policy applies to all TCP or UDP port numbers that are between the first
TCP or UDP port name or number and the second one you enter following
the range parameter. The range includes the port names or numbers you
enter. For example, to apply the policy to all ports between and including
23 (Telnet) and 53 (DNS), enter the following: range 23 53. The first port
number in the range must be lower than the last number in the range.

any

Applies to all IP addresses received. The address can also be entered as an
IP address along with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format you can mask for any bit. For example, 0.255.0.255 is
valid.

Destination_ip mask

Specifies the destination host IP address for which to set permit or deny
conditions. The address can also be entered as an IP address, or an
IP address with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format, or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format, you can mask for any bit. For example, 0.255.0.255 is
valid.

host Destination_ip

If only a single IP address is required for the filter, it can be specified using
the “host” keyword along with the source IP address.

eq

The policy applies to the TCP or UDP port name or number you enter
after eq.

gt

The policy applies to TCP or UDP port numbers greater than the port
number or the numeric equivalent of the port name you enter after gt.

lt

The policy applies to TCP or UDP port numbers that are less than the port
number or the numeric equivalent of the port name you enter after lt.

neq

The policy applies to all TCP or UDP port numbers except the port number
or port name you enter after neq.

dscp value

Matches the specified “value” against the DSCP value of the received
packet. Valid values range from 0 through 63.

ack, fin, rst, sync, urg, psh

Any combination of these TCP flags may be specified.

count

Enables ACL hit accounting on the associated filter.

log

Packets matching the filter are sent to the CPU and a corresponding log
entry is generated by enabling the logging mechanism. This parameter is
only available with permit and deny.

remark comment

An ASCII string 0 to 256 characters in length.

Defaults

No IP ACLs are configured.

Command Modes

Feature Access Control List configuration mode
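
The mask descriptions above (under "any" and "Destination_ip mask") say that a wildcard mask may mask any bit, while only some wildcard masks have a CIDR equivalent. The following is an added example, not part of the Brocade manual: a Python sketch for reviewing ACL entries that converts a wildcard mask to a prefix length when one exists and evaluates matches bit by bit when it does not. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_to_prefix(wildcard):
    """Prefix length equivalent to a wildcard mask, or None when the mask is
    non-contiguous (for example 0.255.0.255) and has no CIDR form."""
    w = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is a run of 1-bits at the low end, so w + 1 is a
    # power of two and shares no set bit with w.
    if w & (w + 1):
        return None
    return 32 - w.bit_length()

def wildcard_match(addr, base, wildcard):
    """True if addr matches base; 1-bits in the wildcard are 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def cidr_match(addr, cidr):
    """True if addr falls inside the CIDR block (host bits in cidr ignored)."""
    return ipaddress.IPv4Address(addr) in ipaddress.ip_network(cidr, strict=False)

def review(base, wildcard, samples):
    """Return (cidr_or_None, [addresses from samples that the entry matches])."""
    plen = wildcard_to_prefix(wildcard)
    cidr = None if plen is None else f"{base}/{plen}"
    return cidr, [s for s in samples if wildcard_match(s, base, wildcard)]

# Constructed sample addresses, not taken from the manual.
SAMPLES = ["209.157.22.1", "209.157.22.200", "209.157.23.26", "209.99.22.7"]

if __name__ == "__main__":
    for wc in ("0.0.0.255", "0.255.0.255"):
        cidr, hits = review("209.157.22.26", wc, SAMPLES)
        print(f"209.157.22.26 {wc}: CIDR={cidr or 'none'} matches={hits}")
```

The second entry matches 209.99.22.7 because the second octet is fully masked, so a non-contiguous wildcard has to be evaluated bit by bit instead of being read as a single subnet.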
