Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

910

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

12

permit icmp [||any|from-vlan |

host ] [||any|host

]

( ,log,rule-precedence <1-5000>) {(rule-description

)}

any

Specifies the destination as any destination IP address. Packets, matching the service protocols and ports
specified in the network-service alias, addressed to any destination are permitted.

host

Identifies a specific host (as the destination to match) by its IP address. Packets, matching the service
protocols and ports specified in the network-service alias, addressed to the specified host are permitted.

•

– Specify the destination host’s exact IP address in the A.B.C.D format.

S-NAME>

Applies a network-group alias to identify the destination IP addresses. Packets, matching the service
protocols and ports specified in the network-service alias, destined for the addresses identified by the
network-group alias are permitted.

•

– Specify the network-group alias name (should be existing and
configured).

log

Logs all permit events matching this entry. If a source and/or destination IP address is matched (i.e. if any
specified type of packet is received from a specified IP address and/or is destined for a specified IP address),
an event is logged.

mark [8021p <0-7>|
dscp <0-63>]

Specifies packets to mark

•

8021p <0-7> – Marks packets by modifying 802.1.p VLAN user priority

•

dscp <0-63> – Marks packets by modifying DSCP TOS bits in the header

rule-precedence
<1-5000>
rule-description

The following keywords are recursive and common to all of the above parameters:

•

rule-precedence – Assigns a precedence for this permit rule

•

<1-5000> – Specify a value from 1 - 5000.

Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with precedence
10.

•

rule-description – Optional. Configures a description for this permit rule. Provide a description that

uniquely identifies the purpose of this rule (should not exceed 128 characters in length).

icmp

Applies this permit rule to ICMP packets only

Specifies the source IP address and mask (A.B.C.D/M) to match. ICMP packets received from the specified
sources are permitted.

S-NAME>

Applies a network-group alias to identify the source IP addresses. ICMP packets received from the addresses
identified by the network-group alias are permitted.

•

– Specify the network-group alias name (should be existing and
configured).

any

Specifies the source as any source IP address. ICMP packets received from any source are permitted.

from-vlan

Specifies a single VLAN or a range of VLANs as the match criteria. ICMP packets received from the VLANs
identified here are permitted.

•

– Specify the VLAN ID. To configure a range of VLANs, enter the start and end VLAN IDs
separated by a hyphen (for example, 12-20).

Use this option with WLANs and port ACLs.

host

Identifies a specific host (as the source to match) by its IP address. ICMP packets received from the specified
host are permitted.

•

– Specify the source host’s exact IP address in the A.B.C.D format.

Specifies the destination IP address and mask (A.B.C.D/M) to match. ICMP packets addressed to specified
destinations are permitted.