Example - denying tcp based traffic, Example - denying udp based traffic, Example - denying icmp based traffic – Brocade Communications Systems RFS6000 User Manual


Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Extended ACL config commands


RFController(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#

Example - denying TCP based traffic

The following example denies TCP traffic with a source port in the range 20 to 23 (from the
source subnet to the destination subnet):

RFController(config-ext-nacl)#deny tcp range 20 23 192.168.1.0/24 192.168.2.0/24

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#

Example - denying UDP based traffic

The following example denies UDP traffic with a source port in the range 20 to 23 (from the
source subnet to the destination subnet):

RFController(config-ext-nacl)#deny udp range 20 23 192.168.1.0/24 192.168.2.0/24

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#
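
Added example (not from the Brocade manual): a small Python model of the TCP rule set above, which also applies to the UDP example, run against constructed packets to show what the source-port range does and does not catch. It assumes top-down, first-match evaluation with a deny when no rule matches; all names in the code are illustrative.

```python
import ipaddress

# Rules transcribed from the TCP example above, in the order entered.
# Tuple: (action, protocol, source-port range or None, source net, destination net)
ANY = "0.0.0.0/0"
TCP_EXAMPLE_ACL = [
    ("deny", "tcp", (20, 23), "192.168.1.0/24", "192.168.2.0/24"),
    ("permit", "ip", None, ANY, ANY),
]

def evaluate(acl, proto, src, sport, dst):
    """Return the action of the first rule matching the packet.

    Assumptions (not stated on the page): rules are checked top-down,
    the first match wins, and a packet matching no rule is denied.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_proto, ports, src_net, dst_net in acl:
        if rule_proto not in ("ip", proto):   # "ip" matches every IP protocol
            continue
        if ports is not None and not (ports[0] <= sport <= ports[1]):
            continue
        if src_ip not in ipaddress.ip_network(src_net):
            continue
        if dst_ip not in ipaddress.ip_network(dst_net):
            continue
        return action
    return "deny"

# Constructed sample packets: (proto, src, source port, dst, destination port)
SAMPLES = [
    ("tcp", "192.168.1.10", 22, "192.168.2.5", 51000),   # SSH server reply
    ("tcp", "192.168.1.10", 51000, "192.168.2.5", 22),   # SSH client connecting
    ("udp", "192.168.1.10", 22, "192.168.2.5", 51000),   # same ports, UDP
    ("tcp", "192.168.2.5", 22, "192.168.1.10", 51000),   # reverse direction
]

def run_samples(acl=TCP_EXAMPLE_ACL):
    return [evaluate(acl, p, s, sp, d) for p, s, sp, d, _dp in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
```

Only the first sample is denied: because the range matches the source port, a connection from 192.168.1.0/24 to destination port 22 still falls through to permit ip any any, as does the same traffic in the reverse direction.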

Example - denying ICMP based traffic

The following example denies ICMP traffic from any source to any destination. The keyword any is
used to match any source or destination IP address.

RFController(config-ext-nacl)#deny icmp any any

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#end

Example - denying protocol based ACL

With the inclusion of protocol-based ACLs, it is possible to permit or deny any of the protocols that exist.

RFController(config-ext-nacl)#deny proto ospf any any rule-precedence 10

RFController(config-ext-nacl)#deny proto eigrp any any rule-precedence 20

RFController(config-ext-nacl)#permit ip any any rule-precedence 30
