
Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


permit proto [||eigrp|gre|igmp|igp|ospf|vrrp] [||any|from-vlan |host ] [||any|host ] (log,rule-precedence <1-5000>) {(rule-description )}

permit [tcp|udp] [||any|from-vlan |host ] [||any|eq |host |range ] [eq [<1-65535>||bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|sip|smtp|ssh|telnet|tftp|www]|range ] (log,rule-precedence <1-5000>) {(rule-description )}
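The following is an added example, not taken from the Brocade guide: a small offline check that parses permit tcp|udp rules in the eq form shown above, verifies the rule-precedence range (1-5000) and the port value (1-65535 or one of the listed names), and marks rules whose source is any for review. The sample rules are constructed, and the function names and finding labels are this example's own.

```python
import shlex
NAMED_PORTS = set("bgp dns ftp ftp-data gopher https ldap nntp ntp pop3 "
                  "sip smtp ssh telnet tftp www".split())  # names listed after "eq" above
FIELDS = {"eq": "port", "rule-precedence": "precedence", "rule-description": "description"}

def parse_rule(line):
    """Parse one 'permit tcp|udp ... eq ...' rule into a dict."""
    t = shlex.split(line)  # keeps a quoted rule-description as one token
    if len(t) < 4 or t[0] != "permit" or t[1] not in ("tcp", "udp"):
        raise ValueError("not a permit tcp/udp rule: " + line)
    rule = {"proto": t[1], "log": False, "port": None, "precedence": None}
    pos = 2
    for end in ("src", "dst"):  # source first, then destination
        width = 2 if t[pos:pos + 1] in (["host"], ["from-vlan"]) else 1
        rule[end] = " ".join(t[pos:pos + width])
        pos += width
    if not rule["dst"]:
        raise ValueError("missing destination: " + line)
    while pos < len(t):
        if t[pos] == "log":
            rule["log"], pos = True, pos + 1
        elif t[pos] in FIELDS and pos + 1 < len(t):
            rule[FIELDS[t[pos]]], pos = t[pos + 1], pos + 2
        else:  # "range" and alias forms are outside this example
            raise ValueError("unsupported token: " + t[pos])
    return rule

def in_range(value, low, high):
    return bool(value) and value.isdecimal() and low <= int(value) <= high

def audit(lines):  # returns (line number, label) pairs; labels are this example's own
    findings = []
    for n, line in enumerate(lines, 1):
        r = parse_rule(line)
        if not in_range(r["precedence"], 1, 5000):
            findings.append((n, "precedence"))
        if r["port"] and r["port"] not in NAMED_PORTS and not in_range(r["port"], 1, 65535):
            findings.append((n, "port"))
        if r["src"] == "any":  # widest source match: flag for review
            findings.append((n, "any-to-any" if r["dst"] == "any" else "any-source"))
    return findings

# Constructed sample rules using documentation addresses, not from the guide.
SAMPLE = [
    'permit tcp host 192.0.2.10 any eq ssh log rule-precedence 10 rule-description "admin ssh"',
    'permit tcp any any eq telnet rule-precedence 20',
    'permit udp from-vlan 12-20 host 192.0.2.53 eq dns rule-precedence 6000',
    'permit tcp any host 192.0.2.80 eq 70000 log rule-precedence 40',
]
```

Calling audit(SAMPLE) returns one entry per finding, so a rule with two problems appears twice with the same line number.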

Parameters

permit [||any|from-vlan |host ] [|any|host |] (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence <1-5000>) {(rule-description )}

AS-NAME>

Applies this permit rule to packets based on the service protocols and ports specified in the network-service alias.

– Specify the network-service alias name (should be existing and
configured).

A network-service alias defines service protocols and ports to match. When used with an ACL, the
network-service alias defines the service-specific components of the ACL permit rule.
For more information on configuring a network-service alias, see alias.

Specifies the source IP address and mask (A.B.C.D/M) to match. Packets, matching the service protocols and
ports specified in the network-service alias, received from the specified network are permitted.

S-NAME>

Applies a network-group alias to identify the source IP addresses. Packets, matching the service protocols
and ports specified in the network-service alias, received from the addresses identified by the network-group
alias are permitted.

– Specify the network-group alias name (should be existing and
configured).

A network-group alias defines a single or a range of addresses of devices, hosts, and networks. When used
with an ACL, the network-group alias defines the network-specific component of the ACL rule (permit/deny).

any

Specifies the source as any source IP address. Packets, matching the service protocols and ports specified in
the network-service alias, received from any source are permitted.

from-vlan

Specifies a single VLAN or a range of VLANs as the match criteria. Packets, matching the service protocols
and ports specified in the network-service alias, received from the specified VLAN(s) are permitted.

– Specify the VLAN ID. To configure a range of VLANs, enter the start and end VLAN IDs
separated by a hyphen (for example, 12-20).

Use this option with WLANs and port ACLs.

host

Identifies a specific host (as the source to match) by its IP address. Packets, matching the service protocols
and ports specified in the network-service alias, received from the specified host are permitted.

– Specify the source host’s exact IP address in the A.B.C.D format.

Specifies the destination IP address and mask (A.B.C.D/M) to match. Packets, matching the service protocols
and ports specified in the network-service alias, addressed to the specified network are permitted.