Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual



53-1001945-01

Global Configuration Commands


access-list (<100-199>|<2000-2699>)
{deny | permit | mark {dot1p <0-7> | tos <0-255>}}
{icmp}
{source/source-mask | host source | any}
{destination/destination-mask | host destination | any}
[icmp-type | [icmp-type icmp-code]]
[log]
[rule-precedence access-list-entry precedence]

Adds an Extended IP access list entry using the icmp keyword.

(<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number
must be between 2000-2699.

{deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an
ACL. The action type mark is functional only over a Port ACL.

{icmp} – Specifies icmp as the protocol.

{source/source-mask (A.B.C.D/M) | host source | any} – Source (A.B.C.D) is
the source address of the network or host in dotted decimal. Source-mask (M)
is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of
the source IP are used for matching.

The keyword any is an abbreviation for a source IP of 0.0.0.0 and
source-mask bits equal to 0.

The keyword host is an abbreviation for an exact source (A.B.C.D) and
source-mask bits equal to 32.

{destination/destination-mask (A.B.C.D/M) | host destination | any} – The
destination host IP address or destination network address.

[icmp-type | icmp-type icmp-code] – ICMP type value from 0 - 255. Valid only
for protocol type icmp. ICMP code value from 0 - 255. Valid only for a
protocol type of icmp.

[log] – Generates log messages when the packet coming from the interface
matches the ACL entry. Log messages are generated only for router ACLs.

[rule-precedence access-list-entry precedence] – Integer value between
1-5000. This value sets the rule precedence in the ACL.
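The following Python sketch is an added example, not part of the Brocade manual or the controller software. It checks a permit/deny ICMP entry against the ranges listed above and shows how the source and destination specs (A.B.C.D/M, host, any) select addresses. The function names are hypothetical, and treating an omitted icmp-type or icmp-code as "match any value" is an assumption.

```python
import ipaddress

# Ranges as stated in the reference text above.
ACL_IDS, BYTE, PRECEDENCE = range(2000, 2700), range(0, 256), range(1, 5001)

def _num(tok, allowed, what):
    if not tok.isdigit() or int(tok) not in allowed:
        raise ValueError(f"{what} out of range: {tok}")
    return int(tok)

def _net(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D/M'."""
    if not tokens or (tokens[0] == "host" and len(tokens) < 2):
        raise ValueError("missing address")
    word = tokens.pop(0)
    if word == "any":       # 0.0.0.0 with 0 mask bits
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":      # exact address, 32 mask bits
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # strict=False: 10.1.1.10/24 is accepted; only the first 24 bits are compared
    return ipaddress.ip_network(word, strict=False)

def parse_icmp_entry(line):
    """Parse a permit/deny ICMP entry (the 'mark' action is not handled here)."""
    t = line.split()
    if (len(t) < 6 or t[0] != "access-list" or t[3] != "icmp"
            or t[2] not in ("permit", "deny")):
        raise ValueError("not a permit/deny ICMP extended ACL entry")
    rule = {"acl": _num(t[1], ACL_IDS, "ACL number"), "action": t[2],
            "type": None, "code": None, "log": False, "precedence": None}
    rest = t[4:]
    rule["src"], rule["dst"] = _net(rest), _net(rest)
    for key in ("type", "code"):    # optional icmp-type, then optional icmp-code
        if rest and rest[0].isdigit():
            rule[key] = _num(rest.pop(0), BYTE, "icmp-" + key)
    if rest[:1] == ["log"]:
        rule["log"], rest = True, rest[1:]
    if len(rest) == 2 and rest[0] == "rule-precedence":
        rule["precedence"] = _num(rest[1], PRECEDENCE, "rule-precedence")
    elif rest:
        raise ValueError(f"unexpected tokens: {rest}")
    return rule

def matches(rule, src, dst, icmp_type, icmp_code):
    """Assumption: an omitted icmp-type/icmp-code matches any value."""
    ip = ipaddress.ip_address
    return (ip(src) in rule["src"] and ip(dst) in rule["dst"]
            and rule["type"] in (None, icmp_type)
            and rule["code"] in (None, icmp_code))
```

Running a saved configuration through a check like this before it is pushed catches an out-of-range ACL number or precedence and makes an overly broad any/any entry easy to spot.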

access-list (<100-199>|<2000-2699>)
{deny | permit | mark {dot1p <0-7> | tos <0-255>}}
{tcp|udp}
{source/source-mask | host source | any}
[operator source-port]
{destination/destination-mask | host destination | any}
[operator destination-port]
[log]
[rule-precedence access-list-entry precedence]

Adds an Extended IP access list entry using the tcp or udp keyword.

(<100-199>|<2000-2699>) – For tcp or udp type of extended ACL, the ACL
number must be between 2000-2699.

{deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an
ACL. The action type mark is functional only over a Port ACL.

{tcp|udp} – Specifies tcp or udp as the protocol.

{source/source-mask | host source | any} – Source is the source address
of the network or host in dotted decimal. Source-mask is the network mask.
For example, 10.1.1.10/24 indicates that the first 24 bits of the source IP are
used for matching.

any is an abbreviation for a source IP of 0.0.0.0 and
source-mask bits equal to 0.

host is an abbreviation for an exact source (A.B.C.D) and
source-mask bits equal to 32.

[operator source-port] – Valid only for tcp or udp protocols. Valid values are
eq and range.

range – Specify the protocol range (starting and ending protocol
numbers).

port – Valid Port number.

{destination/destination-mask | host destination | any} – The destination
host IP address or destination network address.

[operator destination-port] – Specifies the destination port.

[log] – Generates log messages when the packet coming from the interface
matches the ACL entry. Log messages are generated only for router ACLs.

[rule-precedence access-list-entry precedence] – Integer value between
1-5000. This value sets the rule precedence in the ACL.
