Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility RFS Controller CLI Reference Guide

911

53-1003098-01

12

permit ip [||any|from-vlan

|

host ] [||any|host

] (log,rule-precedence <1-5000>) {(rule-description )}

S-NAME>

Applies a network-group alias to identify the destination IP addresses. ICMP packets destined for addresses
identified by the network-group alias are permitted.

•

– Specify the network-group alias name (should be existing and
configured).

any

Specifies the destination as any destination IP address. ICMP packets addressed to any destination are
permitted.

host

Identifies a specific host (as the destination to match) by its IP address. ICMP packets addressed to the
specified host are permitted.

•

– Specify the destination host’s exact IP address in the A.B.C.D format.

Defines the ICMP packet type
For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO.

Defines the ICMP message type
For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and
code 3 indicates “Port Unreachable.”
After specifying the source and destination IP address(es), the ICMP message type, and the ICMP code,
specify the action taken in case of a match.

log

Logs all permit events matching this entry. If a source and/or destination IP address is matched (i.e. a ICMP
packet is received from a specified IP address and/or is destined for a specified IP address), an event is
logged.

rule-precedence
<1-5000>
rule-description

The following keywords are recursive and common to all of the above parameters:

•

rule-precedence – Assigns a precedence for this permit rule

•

<1-5000> – Specify a value from 1 - 5000.

Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with precedence
10.

•

rule-description – Optional. Configures a description for this permit rule. Provide a description that

uniquely identifies the purpose of this rule (should not exceed 128 characters in length).

ip

Applies this permit rule to IP packets only

Specifies the source IP address and mask (A.B.C.D/M) to match. IP packets received from the specified
networks are permitted.

S-NAME>

Applies a network-group alias to identify the source IP addresses. IP packets received from the addresses
identified by the network-group alias are permitted.

•

– Specify the network-group alias name (should be existing and
configured).

any

Specifies the source as any source IP address. IP packets received from any source are permitted.

from-vlan

Specifies a single VLAN or a range of VLANs as the match criteria. IP packets received from the specified
VLANs are permitted.

•

– Specify the VLAN ID. To configure a range of VLAN IDs, enter the start and end VLAN IDs
separated by a hyphen (for example, 12-20).

Use this option with WLANs and port ACLs.

host

Identifies a specific host (as the source to match) by its IP address. IP packets received from the specified
host are permitted.

•

– Specify the source host’s exact IP address in the A.B.C.D format.

Specifies the destination IP address and mask (A.B.C.D/M) to match. IP packets addressed to the specified
networks are permitted.