Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003100-01


IP Firewall Rule configurations. Select the Remove icon as required to remove selected IP
Firewall Rules.

6. Select OK when completed to update the IP Firewall rules. Select Reset to revert to the
last saved configuration.

Network Service Alias

The service alias is a set of configurations consisting of protocol and port mappings. Both source
and destination ports are configurable. Set an alphanumeric service alias (beginning with a $
character and containing one special character) and include the protocol as relevant. Selecting
either tcp or udp displays an additional set of specific TCP/UDP source and destination port
options.

Source Port

If using either tcp or udp as the protocol, define whether the source port for incoming IP ACL rule
application is any, equals or an administrator defined range. If not using tcp or udp, this setting
displays as N/A. This is the data local origination virtual port designated by the administrator.
Selecting equals invokes a spinner control for setting a single numeric port. Selecting range
displays spinner controls for Low and High numeric range settings. A source port cannot be a
destination port.

Destination Port

If using either tcp or udp as the protocol, define whether the destination port for incoming IP ACL
rule application is any, equals or an administrator defined range. If not using tcp or udp, this setting
displays as N/A. This is the data local origination virtual port designated by the administrator.
Selecting equals invokes a spinner control for setting a single numeric port. Selecting range
displays spinner controls for Low and High numeric range settings.

ICMP Type

Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for
ICMP type and code. The Internet Control Message Protocol (ICMP) uses messages identified by
numeric type. ICMP messages are used for packet flow control or generated in IP error responses.
ICMP errors are directed to the source IP address of the originating packet. Assign an ICMP type
from 1-10.

ICMP Code

Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for
ICMP type and code. Many ICMP types have a corresponding code, helpful for troubleshooting
network issues (0 - Net Unreachable, 1 - Host Unreachable, 2 - Protocol Unreachable, etc.).

Start VLAN

Select a Start VLAN icon within a table row to set (apply) a start VLAN range for this IP ACL filter. The
Start VLAN represents the virtual LAN beginning numeric identifier arriving packets must adhere to
in order to have the IP ACL rules apply.

End VLAN

Select an End VLAN icon within a table row to set (apply) an end VLAN range for this IP ACL filter.
The End VLAN represents the virtual LAN end numeric identifier arriving packets must adhere to in
order to have the IP ACL rules apply.

Protocol

Select the protocol to filter for this ACL. Use the drop-down to select from a list of predefined
protocols or use the spinner control to set a particular protocol number.

Mark

Select this option to mark certain fields inside a packet before allowing them. Mark is only
applicable for Allow rules. Mark sets the rule’s 802.1p or dscp level (from 0 - 7).

Log

Select this option to create a log entry when a firewall rule has caused a packet to be either
denied or allowed.

Status

Select this option to enable or disable this particular IP Firewall rule in this rule set.

Description

Lists the administrator assigned description applied to the IP ACL rule. Select a description within
the table to modify its character string as filtering changes warrant. Select the icon within the
Description table header to launch a Select Columns screen used to add or remove IP ACL criteria
from the table.
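
The field constraints in the table above can be checked before a rule set is applied. The following is an added example, not code from the guide or from the product: a small Python lint over rules held as dictionaries. The dictionary keys, the port tuple format, the 0-65535 port bound and the Start/End VLAN ordering check are assumptions made for illustration.

```python
# Added example: dict keys are hypothetical names for the GUI fields described above.
def check_port(spec, label):
    """spec is "any", ("equals", n) or ("range", low, high)."""
    if spec == "any":
        return []
    kind, *vals = spec
    ok = len(vals) == {"equals": 1, "range": 2}.get(kind) and vals == sorted(vals)
    # 0-65535 is the TCP/UDP port field width, not a limit quoted from the manual.
    if ok and all(isinstance(v, int) and 0 <= v <= 65535 for v in vals):
        return []
    return [f"{label}: invalid port spec {spec!r}"]

def lint_rule(rule):
    errs = []
    proto, alias = rule.get("protocol"), rule.get("service_alias")
    if alias is not None and not alias.startswith("$"):
        errs.append("service alias must begin with '$'")
    if proto in ("tcp", "udp"):
        errs += check_port(rule.get("src_port", "any"), "source port")
        errs += check_port(rule.get("dst_port", "any"), "destination port")
    elif "src_port" in rule or "dst_port" in rule:
        errs.append("ports are N/A unless protocol is tcp or udp")
    if proto == "icmp":
        t = rule.get("icmp_type")
        if t is not None and not 1 <= t <= 10:
            errs.append("ICMP type must be 1-10")
    elif "icmp_type" in rule or "icmp_code" in rule:
        errs.append("ICMP type/code apply only to icmp rules")
    if "mark" in rule:
        if rule.get("action") != "allow":
            errs.append("Mark is only applicable for Allow rules")
        elif not 0 <= rule["mark"] <= 7:
            errs.append("mark must be 0-7")
    if "start_vlan" in rule and "end_vlan" in rule and rule["start_vlan"] > rule["end_vlan"]:
        errs.append("Start VLAN is greater than End VLAN")  # ordering is an assumption
    return errs

def lint_ruleset(rules):
    """Return {rule index: [problems]} for rules that fail a check."""
    return {i: e for i, r in enumerate(rules) if (e := lint_rule(r))}

# Constructed sample rule set (not taken from a real device).
SAMPLE = [
    {"action": "allow", "protocol": "tcp", "service_alias": "$web-svc",
     "dst_port": ("range", 8080, 8090), "mark": 5, "start_vlan": 10, "end_vlan": 20},
    {"action": "deny", "protocol": "udp", "src_port": ("range", 2000, 1000), "mark": 3},
    {"action": "allow", "protocol": "icmp", "icmp_type": 11, "dst_port": ("equals", 53)},
]
print(lint_ruleset(SAMPLE))
```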
