Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
permit proto [<PROTOCOL-NUMBER>|<PROTOCOL-NAME>|eigrp|gre|igmp|igp|ospf|vrrp]
    [<SOURCE-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|from-vlan <VLAN-ID>|host <SOURCE-HOST-IP>]
    [<DEST-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|host <DEST-HOST-IP>]
    (log,rule-precedence <1-5000>) {(rule-description <LINE>)}
permit [tcp|udp]
    [<SOURCE-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|from-vlan <VLAN-ID>|host <SOURCE-HOST-IP>]
    [<DEST-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|eq <SOURCE-PORT>|host <DEST-HOST-IP>|range <START-PORT> <END-PORT>]
    [eq [<1-65535>|<SERVICE-NAME>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|sip|smtp|ssh|telnet|tftp|www]|range <START-PORT> <END-PORT>]
    (log,rule-precedence <1-5000>) {(rule-description <LINE>)}
Parameters
permit <NETWORK-SERVICE-ALIAS-NAME>
    [<SOURCE-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|from-vlan <VLAN-ID>|host <SOURCE-HOST-IP>]
    [<DEST-IP/MASK>|any|host <DEST-HOST-IP>|<NETWORK-GROUP-ALIAS-NAME>]
    (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence <1-5000>) {(rule-description <LINE>)}
<NETWORK-SERVICE-ALIAS-NAME>
Applies this permit rule to packets based on the service protocols and ports specified in the network-service alias.
• <NETWORK-SERVICE-ALIAS-NAME> – Specify the network-service alias name (the alias should already exist and be configured).
A network-service alias defines service protocols and ports to match. When used with an ACL, the
network-service alias defines the service-specific components of the ACL permit rule.
For more information on configuring network-service alias, see
.
<SOURCE-IP/MASK>
Specifies the source IP address and mask (A.B.C.D/M) to match. Packets, matching the service protocols and
ports specified in the network-service alias, received from the specified network are permitted.
<NETWORK-GROUP-ALIAS-NAME>
Applies a network-group alias to identify the source IP addresses. Packets, matching the service protocols
and ports specified in the network-service alias, received from the addresses identified by the network-group
alias are permitted.
• <NETWORK-GROUP-ALIAS-NAME> – Specify the network-group alias name (the alias should already exist and be configured).
A network-group alias defines a single or a range of addresses of devices, hosts, and networks. When used
with an ACL, the network-group alias defines the network-specific component of the ACL rule (permit/deny).
any
Specifies the source as any source IP address. Packets, matching the service protocols and ports specified in
the network-service alias, received from any source are permitted.
from-vlan <VLAN-ID>
Specifies a single VLAN or a range of VLANs as the match criteria. Packets, matching the service protocols
and ports specified in the network-service alias, received from the specified VLAN(s) are permitted.
• <VLAN-ID> – Specify the VLAN ID. To configure a range of VLANs, enter the start and end VLAN IDs separated by a hyphen (for example, 12-20).
Use this option with WLANs and port ACLs.
host <SOURCE-HOST-IP>
Identifies a specific host (as the source to match) by its IP address. Packets, matching the service protocols
and ports specified in the network-service alias, received from the specified host are permitted.
• <SOURCE-HOST-IP> – Specify the source host’s exact IP address in the A.B.C.D format.
<DEST-IP/MASK>
Specifies the destination IP address and mask (A.B.C.D/M) to match. Packets, matching the service protocols
and ports specified in the network-service alias, addressed to the specified network are permitted.
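The following Python sketch is an added example, not part of the Brocade guide or its software. It lints one rule of the `permit <NETWORK-SERVICE-ALIAS-NAME>` form above against the value ranges shown in the syntax and flags any-to-any permits for ACL review. The function names, the returned dict layout, the `broad` flag and the sample alias name are assumptions made for illustration.

```python
import ipaddress
# Constructed sample: permit $web-svc from-vlan 12-20 host 10.1.1.5 log rule-precedence 100

def _endpoint(tok, i, is_source):
    """Consume one source/destination spec at tok[i]; return (spec, next index)."""
    t = tok[i]
    if t == "any":
        return ("any", None), i + 1
    if t == "host":
        return ("host", str(ipaddress.IPv4Address(tok[i + 1]))), i + 2
    if t == "from-vlan":
        if not is_source:
            raise ValueError("from-vlan is a source-only keyword")
        lo, _, hi = tok[i + 1].partition("-")      # "12" or "12-20"
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError("VLAN range start exceeds end")
        return ("from-vlan", (lo, hi)), i + 2
    if "/" in t:                                   # A.B.C.D/M
        return ("net", str(ipaddress.IPv4Network(t, strict=False))), i + 1
    return ("alias", t), i + 1                     # network-group alias name

def parse_permit(line):
    """Parse one 'permit <NETWORK-SERVICE-ALIAS-NAME> ...' rule into a dict."""
    head, _, desc = line.partition(" rule-description ")
    tok = head.split()
    if len(tok) < 4 or tok[0] != "permit":
        raise ValueError("expected: permit <alias> <source> <dest> [options]")
    rule = {"service": tok[1], "log": False, "mark": None, "precedence": None,
            "description": desc.strip().strip('"') or None}
    try:
        rule["src"], i = _endpoint(tok, 2, True)
        rule["dst"], i = _endpoint(tok, i, False)
        while i < len(tok):
            if tok[i] == "log":
                rule["log"], i = True, i + 1
            elif tok[i] == "mark":
                kind, val = tok[i + 1], int(tok[i + 2])
                if not 0 <= val <= {"8021p": 7, "dscp": 63}[kind]:
                    raise ValueError(f"{kind} value {val} out of range")
                rule["mark"], i = (kind, val), i + 3
            elif tok[i] == "rule-precedence":
                rule["precedence"], i = int(tok[i + 1]), i + 2
                if not 1 <= rule["precedence"] <= 5000:
                    raise ValueError("rule-precedence must be 1-5000")
            else:
                raise ValueError(f"unexpected token {tok[i]!r}")
    except (IndexError, KeyError) as exc:
        raise ValueError(f"malformed rule: {line!r}") from exc
    # Audit flag: any source to any destination permits the service everywhere.
    rule["broad"] = rule["src"][0] == "any" and rule["dst"][0] == "any"
    return rule
```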