beautypg.com

Paradyne CSU User Manual

Page 402

background image

C. Router CLI Commands, Codes, and Designations

C-20

September

2002

9128-A2-GB20-80

(Continued from previous page)

For Extended IP Access Lists:

Example:

access-list 100 permit tcp 10.1.1.1 0.0.0.255 20.1.1.1

0.0.0.255

protocol

– The IP protocol to which the filter will be applied. The following protocols are

supported:

ip – Filter applies to all IP packets (including but not limited to ICMP, TCP, and UDP).

icmp – Internet Control Message Protocol.

tcp – Transmission Control Protocol.

udp – User Datagram Protocol.

source-ip

– The source IP Address to match.

source-wildcard

– Specifies a 32-bit wildcard mask indicating the bit positions in the

source IP Address to ignore during matches. This argument must be supplied when a

source-ip

address is specified.

any – Match any source host. A source-ip of 0.0.0.0 and a source-wildcard of
255.255.255.255 are specified.

host – Specify a single host source address to match.

source

-

host-ip

– The source host IP address to match.

dest-ip

– The destination IP Address to match.

dest-wildcard

– Specifies a 32-bit wildcard mask indicating the bit positions in the

destination IP Address to ignore during matches. This argument must be supplied
when a dest-ip address is specified.

any – Specifies to match any destination host. A dest-ip of 0.0.0.0 and a dest-wildcard of
255.255.255.255 are specified.

host – Specify a single host address to match.

dest

-

host-ip

– The destination host IP address to match.

icmp-msg-type

– Specify a specific ICMP message type to be filtered. Valid if the

protocol

s

pecified is icmp. For valid ICMP message types, refer to

Table C-15, ICMP

Designations

. Valid ICMP message type range is 0–255.

icmp-msg-code

– Specify a specific ICMP message code to be filtered. Valid if an

icmp-msg-type

has been specified and the protocol

specified is icmp. For valid ICMP

message codes, refer to

Table C-15, ICMP Designations

. Valid ICMP message type range

is 0 – 255.

src-operator

– Specifies how the source port is evaluated. This argument may only be

specified if the protocol specified is tcp or udp. Valid values are:

eq – Match only packets with a port number equal to the source port number input.

gt – Match only packets with a port number greater than the source port number.

lt – Match only packets with a port number less than the source port number input.

neq – Match only packets with a port number not equal to the source port number.

range – Match only packets in the range of port numbers specified by src-port

and

src-end-port. If range is specified, enter both a src-port and a src-end-port.

(Continued on next page)

Table C-11. Filter Commands (2 of 4)

This manual is related to the following products:
See also other documents in the category Paradyne Hardware: