Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


TCP

UDP

PROTO (any Internet protocol other than TCP, UDP, and ICMP)

The last access control entry (ACE) in the access list is an implicit deny statement.

Whenever the interface receives a packet, its content is checked against the ACEs in the ACL, and
the packet is allowed or denied based on the ACL configuration.

Filtering on TCP or UDP allows you to specify port numbers as filtering criteria.

Select ICMP as the protocol to allow or deny ICMP packets. Selecting ICMP filters ICMP
packets based on ICMP type and code.

NOTE

The log option is functional only for router ACLs. The log option sends an informational logging
message to the console about each packet that matches the entry.

Example

rfs7000-37FABE(config-ip-acl-test)#deny proto vrrp any any log rule-precedence 600
rfs7000-37FABE(config-ip-acl-test)#deny proto ospf any any log rule-precedence 650
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
deny proto vrrp any any log rule-precedence 600
deny proto ospf any any log rule-precedence 650
rfs7000-37FABE(config-ip-acl-test)#

Using aliases in an IP access list

The following examples show the usage of network-group aliases:

rfs4000-229D58(config)#ip access-list bar

Example 1

rfs4000-229D58(config-ip-acl-bar)#permit ip $foo any rule-precedence 10

Example 2

rfs4000-229D58(config-ip-acl-bar)#permit tcp 192.168.100.0/24 $foobar eq ftp rule-precedence 20

Example 3

rfs4000-229D58(config-ip-acl-bar)#deny ip $guest $lab rule-precedence 30

In example 1, network-group alias $foo is used as a source.

In example 2, network-group alias $foobar is used as a destination.

In example 3, network-group aliases $guest and $lab are used as source and destination
respectively.
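
The following Python model is an added illustration, not code from this guide or from the controller software. It evaluates the "ip" rules from examples 1 and 3 against a packet, with network-group alias expansion and the implicit deny as the final ACE. The alias contents are constructed, and checking ACEs in ascending rule-precedence order is an assumption, since this page states neither.

```python
import ipaddress

# Constructed alias table (assumption: the page does not show alias definitions).
NETWORK_GROUPS = {
    "$foo": ["10.1.0.0/16"],
    "$guest": ["172.16.10.0/24"],
    "$lab": ["172.16.20.0/24", "172.16.21.0/24"],
}

def parse_ace(line):
    """Parse '<action> ip <src> <dst> rule-precedence <n>' (ip rules only)."""
    tok = line.split()
    if len(tok) != 6 or tok[1] != "ip" or tok[4] != "rule-precedence":
        raise ValueError(f"unsupported ACE: {line!r}")
    return {"action": tok[0], "src": tok[2], "dst": tok[3], "prec": int(tok[5])}

def expand(term):
    """Resolve 'any', a network-group alias, or a literal prefix to networks."""
    if term == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if term.startswith("$"):
        if term not in NETWORK_GROUPS:
            # An alias that resolves to nothing should fail the audit loudly.
            raise KeyError(f"undefined network-group alias {term}")
        return [ipaddress.ip_network(n) for n in NETWORK_GROUPS[term]]
    return [ipaddress.ip_network(term)]

def evaluate(acl_lines, src, dst):
    """Return (action, precedence) of the first matching ACE, else implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Assumption: ACEs are checked in ascending rule-precedence order.
    for ace in sorted(map(parse_ace, acl_lines), key=lambda a: a["prec"]):
        src_hit = any(src in net for net in expand(ace["src"]))
        dst_hit = any(dst in net for net in expand(ace["dst"]))
        if src_hit and dst_hit:
            return ace["action"], ace["prec"]
    return "deny", None  # implicit deny: the last ACE in every access list

# Rules from examples 1 and 3, entered out of order on purpose.
ACL_BAR = [
    "deny ip $guest $lab rule-precedence 30",
    "permit ip $foo any rule-precedence 10",
]
```

In this model, a packet from the $guest range to an address outside $lab matches neither rule and falls through to the implicit deny, so the explicit deny in example 3 does not mean other guest traffic is permitted.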

The following examples show the usage of network-service aliases:

Example 4

rfs4000-229D58(config-ip-acl-bar)# permit $kerberos 10.60.20.0/24 $kerberos-servers log rule-precedence 40

Example 5
