Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 925
Brocade Mobility RFS Controller CLI Reference Guide
913
53-1003098-01
12
ospf
Identifies the OSPF protocol (number 89)
OSPF is a link-state interior gateway protocol (IGP). OSPF routes IP packets within a single routing domain
(autonomous system), like an enterprise LAN. OSPF gathers link state information from neighbor routers and
constructs a network topology. The topology determines the routing table presented to the Internet Layer
which makes routing decisions based solely on the destination IP address found in IP packets.
vrrp
Identifies the VRRP protocol (number 112)
VRRP allows a pool of routers to be advertized as a single virtual router. This virtual router is configured by
hosts as their default gateway. VRRP elects a master router, from this pool, and assigns it a virtual IP
address. The master router routes and forwards packets to hosts on the same subnet. When the master
router fails, one of the backup routers is elected as the master and its IP address is mapped to the virtual IP
address.
<SOURCE-IP/MASK>
Specifies the source IP address and mask (A.B.C.D/M) to match. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or
VRRP) received from the specified sources are permitted.
<NETWORK-GROUP-ALIAS
-NAME>
Applies a network-group alias to identify the source IP addresses. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or
VRRP) received from the sources defined in the network-group alias are permitted.
•
<NETWORK-GROUP-ALIAS-NAME> – Specify the network-group alias name (should be existing and
configured).
any
Specifies the source as any IP address. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) received from any
source are permitted.
from-vlan <VLAN-ID>
Specifies a single VLAN or a range of VLANs as the match criteria. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or
VRRP) received from the VLANs identified here are permitted.
•
<VLAN-ID> – Specify the VLAN ID. A range of VLANs is represented by the start and end VLAN IDs
separated by a hyphen (for example, 12-20).
Use this option with WLANs and port ACLs.
host
<SOURCE-HOST-IP>
Identifies a specific host (as the source to match) by its IP address. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or
VRRP) received from the specified host are permitted.
•
<SOURCE-HOST-IP> – Specify the source host’s exact IP address in the A.B.C.D format.
<DEST-IP/MASK>
Specifies the destination IP address and mask (A.B.C.D/M) to match. Packets (EIGRP, GRE, IGMP, IGP, OSPF,
or VRRP) addressed to the specified destinations are permitted.
any
Specifies the destination as any destination IP address. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or VRRP)
addressed to any destination are permitted.
host <DEST-HOST-IP>
Identifies a specific host (as the destination to match) by its IP address. Packets (EIGRP, GRE, IGMP, IGP,
OSPF, or VRRP) addresses to the specified host are permitted.
•
<SOURCE-HOST-IP> – Specify the destination host’s exact IP address in the A.B.C.D format.
<NETWORK-GROUP-ALIAS
-NAME>
Applies a network-group alias to identify the destination IP addresses. Packets (EIGRP, GRE, IGMP, IGP, OSPF,
or VRRP) addressed to the destinations identified in the network-group alias are permitted.
•
<NETWORK-ALIAS-NAME> – Specify the network-group alias name (should be existing and configured).
After specifying the source and destination IP address(es), specify the action taken in case of a match.
log
Logs all deny events matching this entry. If a source and/or destination IP address is matched (i.e. a packet
(EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) is received from a specified IP address and/or is destined for a
specified IP address), an event is logged.
rule-precedence
<1-5000>
rule-description <LINE>
The following keywords are recursive and common to all of the above parameters:
•
rule-precedence – Assigns a precedence for this permit rule
•
<1-5000> – Specify a value from 1 - 5000.
Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with
precedence 10.
•
rule-description – Optional. Configures a description for this permit rule. Provide a description that
uniquely identifies the purpose of this rule (should not exceed 128 characters in length).