beautypg.com

Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 911

background image

Brocade Mobility RFS Controller CLI Reference Guide

899

53-1003098-01

12

deny [tcp|udp] [||any|from-vlan

|

host ] [||any|eq

|

host |range ] [eq

[<1-65535>||bgp|

dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|sip|smtp|ssh|telnet|tftp|www

]|

range ] (log,rule-precedence <1-5000>)

{(rule-description )}

log

Logs all deny events matching this entry. If a source and/or destination IP address is matched (i.e. a packet
(EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) is received from a specified IP address and/or is destined for a
specified IP address), an event is logged.

rule-precedence
<1-5000>
rule-description

The following keywords are recursive and common to all of the above parameters:

rule-precedence – Assigns a precedence for this deny rule

<1-5000> – Specify a value from 1 - 5000.

Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with
precedence 10.

rule-description – Optional. Configures a description for this deny rule. Provide a description that

uniquely identifies the purpose of this rule (should not exceed 128 characters in length).

tcp

Applies this deny rule to TCP packets only

udp

Applies this deny rule to UDP packets only

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies the source IP address and mask (A.B.C.D/M) to match. TCP/UDP packets received from the
specified sources are dropped.

-NAME>

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Applies a network-group alias to identify the source IP addresses. TCP/UDP packets received from the VLANs
identified here are dropped.

– Specify the network-group alias name (should be existing and
configured).

After specifying the source and destination IP address(es), specify the action taken in case of a match.

any

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies the source as any IP address. TCP/UDP packets received from any source are dropped.

from-vlan

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies a single VLAN or a range of VLANs as the match criteria. TCP/UDP packets received from the VLANs
identified here are dropped.

– Specify the VLAN ID. To configure a range of VLANs, enter the start and end VLAN IDs
separated by a hyphen (for example, 12-20).

Use this option with WLANs and port ACLs.

host

Identifies a specific host (as the source to match) by its IP address. TCP/UDP packets received from the
specified host are dropped.

– Specify the source host’s exact IP address in the A.B.C.D format.

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Sets the destination IP address and mask (A.B.C.D/M) to match. TCP/UDP packets addressed to the
specified destinations are dropped.

any

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Specifies the destination as any destination IP address. TCP/UDP packets received from any destination are
dropped.

eq

Identifies a specific source port

– Specify the exact source port.

See also other documents in the category Brocade Computer Accessories: