Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
permit [tcp|udp] [<SOURCE-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|from-vlan <VLAN-ID>|host <SOURCE-HOST-IP>]
[<DEST-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|eq <SOURCE-PORT>|host <DEST-HOST-IP>|range <START-PORT> <END-PORT>]
[eq [<1-65535>|<SERVICE-NAME>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|sip|smtp|ssh|telnet|tftp|www]|range <START-PORT> <END-PORT>]
(log,rule-precedence <1-5000>) {(rule-description <LINE>)}
tcp
Applies this permit rule to TCP packets only
udp
Applies this permit rule to UDP packets only
<SOURCE-IP/MASK>
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies the source IP address and mask (A.B.C.D/M) to match. TCP/UDP packets received from the
specified sources are permitted.
<NETWORK-GROUP-ALIAS-NAME>
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Applies a network-group alias to identify the source IP addresses. TCP/UDP packets received from the
addresses identified in the network-group alias are permitted.
• <NETWORK-GROUP-ALIAS-NAME> – Specify the network-group alias name (the alias should already exist and be
configured).
After specifying the source and destination IP address(es), specify the action taken in case of a match.
any
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies the source as any source IP address. TCP/UDP packets received from any source are permitted.
from-vlan <VLAN-ID>
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies a single VLAN or a range of VLANs as the match criteria. TCP/UDP packets received from the VLANs
identified here are permitted.
• <VLAN-ID> – Specify the VLAN ID. To configure a range of VLANs, enter the start and end VLAN IDs
separated by a hyphen (for example, 12-20).
Use this option with WLANs and port ACLs.
host <SOURCE-HOST-IP>
Identifies a specific host (as the source to match) by its IP address. TCP/UDP packets received from the
specified host are permitted.
• <SOURCE-HOST-IP> – Specify the source host’s exact IP address in the A.B.C.D format.
<DEST-IP/MASK>
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Sets the destination IP address and mask (A.B.C.D/M) to match. TCP/UDP packets addressed to the
specified destinations are permitted.
any
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies the destination as any destination IP address. TCP/UDP packets addressed to any destination are
permitted.
eq <SOURCE-PORT>
Identifies a specific source port
• <SOURCE-PORT> – Specify the exact source port.
host <DEST-HOST-IP>
Identifies a specific host (as the destination to match) by its IP address. TCP/UDP packets addressed to the
specified host are permitted.
• <DEST-HOST-IP> – Specify the destination host’s exact IP address in the A.B.C.D format.
<NETWORK-GROUP-ALIAS-NAME>
This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Applies a network-group alias to identify the destination IP addresses. TCP/UDP packets destined to the
addresses identified in the network-group alias are permitted.
• <NETWORK-GROUP-ALIAS-NAME> – Specify the network-group alias name (the alias should already exist and be
configured).
range <START-PORT> <END-PORT>
Specifies a range of source ports
• <START-PORT> – Specify the first port in the range.
• <END-PORT> – Specify the last port in the range.
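
As an added example (not from the Brocade guide), the following Python sketch parses rules written in the permit tcp/udp syntax above and flags ones worth a second look during an ACL review. The sample rules are constructed, the review policy in audit() is this example's assumption, and an eq/range that directly follows the source is read as the source port.

```python
import shlex

CLEARTEXT = {"telnet", "ftp", "ftp-data", "tftp"}  # matched by service name only
# Constructed sample rules (documentation address ranges), not from the guide.
SAMPLE = [
    "permit tcp any any rule-precedence 10",
    'permit tcp 192.0.2.0/24 host 198.51.100.10 eq ssh log rule-precedence 20 rule-description "admins to mgmt"',
    "permit tcp from-vlan 12-20 host 198.51.100.10 eq telnet log rule-precedence 40",
]

def _addr(tok):  # consume one source/destination spec (mask, 'any', alias, host, from-vlan)
    head = tok.pop(0)
    return f"{head} {tok.pop(0)}" if head in ("host", "from-vlan") else head

def _port(tok):  # consume an optional 'eq <port>' or 'range <start> <end>'
    width = {"eq": 2, "range": 3}.get(tok[0] if tok else None, 0)
    return " ".join(tok.pop(0) for _ in range(width)) or None

def parse_permit(line):
    tok = shlex.split(line)  # keeps a quoted rule-description together
    if tok[:1] != ["permit"] or tok[1:2] not in (["tcp"], ["udp"]):
        raise ValueError("not a permit tcp/udp rule")
    rule = {"proto": tok[1], "log": False, "precedence": 0, "description": None}
    del tok[:2]
    try:
        rule["src"], rule["src_port"] = _addr(tok), _port(tok)
        rule["dst"], rule["dst_port"] = _addr(tok), _port(tok)
        while tok:
            key = tok.pop(0)
            if key == "log":
                rule["log"] = True
            elif key == "rule-precedence":
                rule["precedence"] = int(tok.pop(0))
            elif key == "rule-description":
                rule["description"], tok = " ".join(tok), []
            else:
                raise ValueError(f"unexpected token {key!r}")
    except IndexError:
        raise ValueError("rule ends early") from None
    if not 1 <= rule["precedence"] <= 5000:
        raise ValueError("rule-precedence <1-5000> is required")
    return rule

def audit(rule):  # review policy is this example's assumption, not the guide's
    checks = [
        (rule["src"] == rule["dst"] == "any" and not rule["dst_port"], "any to any on all ports"),
        ((rule["dst_port"] or "-").split()[-1] in CLEARTEXT, "permits a cleartext service"),
        (not rule["log"], "matches are not logged"),
    ]
    return [msg for hit, msg in checks if hit]
```

Running audit(parse_permit(line)) over an exported rule list gives one list of findings per rule; an empty list means none of the three checks fired.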