Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 907
Brocade Mobility RFS Controller CLI Reference Guide
895
53-1003098-01
12
deny icmp [
host
(
any
Specifies the source as any source IP address. Packets, matching the service protocols and ports specified in
the network-service alias, received from any source are dropped.
from-vlan
Specifies a single VLAN or a range of VLANs as the match criteria. Packets, matching the service protocols
and ports specified in the network-service alias, received from the specified VLAN(s) are dropped.
•
separated by a hyphen (for example, 12-20).
Use this option with WLANs and port ACLs.
host
Identifies a specific host (as the source to match) by its IP address. Packets, matching the service protocols
and ports specified in the network-service alias, received from the specified host are dropped.
•
Specifies the destination IP address and mask (A.B.C.D/M) to match. Packets, matching the service protocols
and ports specified in the network-service alias, addressed to the specified network are dropped.
any
Specifies the destination as any destination IP address. Packets, matching the service protocols and ports
specified in the network-service alias, addressed to any destination are dropped.
host
Identifies a specific host (as the destination to match) by its IP address. Packets, matching the service
protocols and ports specified in the network-service alias, addressed to the specified host are dropped.
•
Applies a network-group alias to identify the destination IP addresses. Packets, matching the service
protocols and ports specified in the network-service alias, destined for the addresses identified by the
network-group alias are dropped.
•
configured).
log
Logs all deny events matching this entry. If a source and/or destination IP address is matched (i.e. if any
specified type of packet is received from a specified IP address and/or is destined for a specified IP address),
an event is logged.
mark [8021p <0-7>|
dscp <0-63>]
Specifies packets to mark
•
8021p <0-7> – Marks packets by modifying 802.1.p VLAN user priority
•
dscp <0-63> – Marks packets by modifying DSCP TOS bits in the header
rule-precedence
<1-5000>
rule-description
The following keywords are recursive and common to all of the above parameters:
•
rule-precedence – Assigns a precedence for this deny rule
•
<1-5000> – Specify a value from 1 - 5000.
Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with precedence
10.
•
rule-description – Optional. Configures a description for this deny rule. Provide a description that
uniquely identifies the purpose of this rule (should not exceed 128 characters in length).
icmp
Applies this deny rule to Internet Control Message Protocol (ICMP) packets only
Specifies the source IP address and mask (A.B.C.D/M) to match. ICMP packets received from the specified
sources are dropped.
Applies a network-group alias to identify the source IP addresses. ICMP packets received from the addresses
identified by the network-group alias are dropped.
•
configured).
any
Specifies the source as any IP address. ICMP packets received from any source are dropped.