Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
Page 369
Brocade Mobility RFS7000-GR CLI Reference Guide
355
53-1001945-01
Extended ACL Config Commands
14
Usage Guidelines
Use this command to deny traffic between networks or hosts based on the protocol type selected in
the access list configuration. The following protocol types are supported:
• ip
• icmp
• proto
• tcp
• udp
The last ACE in the access list is an implicit deny statement: a packet that matches no explicit
entry is dropped, so any traffic that must pass has to be matched by an explicit entry earlier in the list.
deny {proto} {<1-254>|WORD|eigrp|gre|igmp|igp|ospf|vrrp}
Use with the deny command to reject packets of any protocol other than icmp, tcp and udp.
• {proto} – Specifies any protocol other than icmp, tcp and udp, either by IP protocol number
  (1-254) or by name (eigrp, gre, igmp, igp, ospf, vrrp).
• {A.B.C.D/M | host | any} – A.B.C.D is the source IP address of the network or host in dotted
  decimal format. M is the network mask length in bits. For example, 10.1.1.10/24 indicates that
  only the first 24 bits of the source IP are used for matching, so the entry matches the whole
  10.1.1.0/24 network.
  • any is an abbreviation for a source IP of 0.0.0.0 with source-mask bits equal to 0, which
    matches every source address.
  • host is an abbreviation for the exact source address A.B.C.D with source-mask bits equal to 32.
• {A.B.C.D/M | host | any} – The destination host IP address or destination network address, in
  the same forms as the source.
• [icmp-type | icmp-type icmp-code] – ICMP type value from 0 to 255, optionally followed by an ICMP
  code value from 0 to 255. Both are valid only for the protocol type icmp.
• [log] – Generates log messages when a packet coming from the interface matches this ACL entry.
  Log messages are generated only for router ACLs.
• [rule-precedence access-list-entry precedence] – Integer value between 1 and 5000. This value
  sets the precedence of the rule within the ACL, and entries are evaluated in precedence order.
deny {tcp|udp} {source/source-mask A.B.C.D/M | host sourcehost | any} [operator source-port] {destination/destination-mask A.B.C.D/M | host destinationhost | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence]
Use with the deny command to reject tcp or udp packets.
• deny – The keyword specifies the deny action on an ACL entry.
• {tcp|udp} – Specify tcp or udp as the protocol.
• {A.B.C.D/M | host | any} – A.B.C.D is the source IP address of the network or host in dotted
  decimal format. M is the network mask length in bits. For example, 10.1.1.10/24 indicates that
  only the first 24 bits of the source IP are used for matching.
  • any is an abbreviation for a source IP of 0.0.0.0 with source-mask bits equal to 0, which
    matches every source address.
  • host is an abbreviation for the exact source address A.B.C.D with source-mask bits equal to 32.
• [operator source-port] – Valid only for the tcp and udp protocols. Valid operators are eq and
  range.
  • port – A valid port number, used with eq to match that single port.
  • range – Specifies a port range (starting and ending port numbers, inclusive).
• {destination/destination-mask A.B.C.D/M | host destination | any} – The destination host IP
  address or destination network address, in the same forms as the source.
• [operator destination-port] – Specifies the destination port, using the same eq and range
  operators as the source port.
• [log] – Generates log messages when a packet coming from the interface matches this ACL entry.
  Log messages are generated only for router ACLs.
• [rule-precedence access-list-entry precedence] – Integer value between 1 and 5000. This value
  sets the precedence of the rule within the ACL, and entries are evaluated in precedence order.
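The deny {proto} form and the deny {tcp|udp} form above share one evaluation model: entries are ordered by rule precedence, each is matched on protocol, source and destination (host, any, or A.B.C.D/M prefix) and, for tcp/udp, on the eq/range port operators, and the implicit deny at the end of the list catches everything that matched nothing. The following Python model is an added example, not code from the Brocade guide or from the controller software; it parses entries written in the syntax documented above and evaluates constructed sample packets against them. It assumes three things this page does not state: that a permit keyword exists with the same syntax as deny, that the precedence value is written as `rule-precedence <1-5000>`, and that lower precedence values are evaluated first. The sample ACL and packets are constructed for illustration.

```python
"""Model of extended ACL evaluation: precedence ordering, host/any/prefix
matching, eq/range port operators, ICMP type/code and the implicit deny.
Added example, not the controller's code. Assumptions: 'permit' has the same
syntax as 'deny', 'rule-precedence N' carries the 1-5000 value, and lower
precedence values are evaluated first."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.IPv4Network("0.0.0.0/0")  # 'any': address 0.0.0.0, mask bits 0


@dataclass
class Ace:
    action: str                                 # "deny" or "permit" (assumed)
    proto: str                                  # "ip", "icmp", "tcp", "udp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    src_ports: Optional[Tuple[int, int]]        # (lo, hi) inclusive; None = any port
    dst_ports: Optional[Tuple[int, int]]
    icmp: Optional[Tuple[int, Optional[int]]]   # (type, code or None)
    precedence: int
    log: bool


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: int = 0
    icmp_code: int = 0


def _take_addr(tok, i):
    """Consume {A.B.C.D/M | host A.B.C.D | any} at tok[i]; return (network, next i)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":                        # exact address, mask bits 32
        return ipaddress.IPv4Network(tok[i + 1] + "/32"), i + 2
    # strict=False: 10.1.1.10/24 means "match on the first 24 bits only"
    return ipaddress.IPv4Network(tok[i], strict=False), i + 1


def _take_ports(tok, i):
    """Consume an optional [eq port | range lo hi]; return ((lo, hi) or None, next i)."""
    if i < len(tok) and tok[i] == "eq":
        return (int(tok[i + 1]), int(tok[i + 1])), i + 2
    if i < len(tok) and tok[i] == "range":
        return (int(tok[i + 1]), int(tok[i + 2])), i + 3
    return None, i


def parse_ace(line: str) -> Ace:
    """Parse one entry written in the deny/permit syntax documented above."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    src, i = _take_addr(tok, 2)
    src_ports, i = _take_ports(tok, i) if proto in ("tcp", "udp") else (None, i)
    dst, i = _take_addr(tok, i)
    dst_ports, i = _take_ports(tok, i) if proto in ("tcp", "udp") else (None, i)
    icmp = None
    if proto == "icmp" and i < len(tok) and tok[i].isdigit():   # [icmp-type [icmp-code]]
        itype, i = int(tok[i]), i + 1
        icode = None
        if i < len(tok) and tok[i].isdigit():
            icode, i = int(tok[i]), i + 1
        icmp = (itype, icode)
    log, precedence = False, None
    while i < len(tok):                         # trailing [log] [rule-precedence N]
        if tok[i] == "log":
            log, i = True, i + 1
        elif tok[i] == "rule-precedence":
            precedence, i = int(tok[i + 1]), i + 2
        else:
            raise ValueError(f"unexpected token {tok[i]!r} in {line!r}")
    if precedence is None or not 1 <= precedence <= 5000:
        raise ValueError(f"rule-precedence 1-5000 required in {line!r}")
    return Ace(action, proto, src, dst, src_ports, dst_ports, icmp, precedence, log)


def _port_ok(rng, port):
    return rng is None or rng[0] <= port <= rng[1]


def matches(ace: Ace, pkt: Packet) -> bool:
    """True if the packet matches every field the entry constrains."""
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ipaddress.IPv4Address(pkt.src) not in ace.src:
        return False
    if ipaddress.IPv4Address(pkt.dst) not in ace.dst:
        return False
    if not (_port_ok(ace.src_ports, pkt.sport) and _port_ok(ace.dst_ports, pkt.dport)):
        return False
    if ace.icmp is not None:
        if pkt.icmp_type != ace.icmp[0]:
            return False
        if ace.icmp[1] is not None and pkt.icmp_code != ace.icmp[1]:
            return False
    return True


def evaluate(acl: List[Ace], pkt: Packet):
    """First match in precedence order wins; returns (action, precedence, log).
    No match falls through to the implicit deny (precedence None, no log)."""
    for ace in sorted(acl, key=lambda a: a.precedence):
        if matches(ace, pkt):
            return ace.action, ace.precedence, ace.log
    return "deny", None, False


# Constructed sample ACL, deliberately listed out of precedence order: the
# host-specific telnet deny (10) must win over the broader tcp permit (20).
SAMPLE_ACL = [parse_ace(l) for l in """
permit icmp any any rule-precedence 50
deny tcp host 10.1.1.10 any eq 23 log rule-precedence 10
permit udp 10.1.1.0/24 host 10.1.2.53 eq 53 rule-precedence 30
deny icmp any any 8 0 log rule-precedence 40
permit tcp 10.1.1.0/24 any range 22 23 rule-precedence 20
""".splitlines() if l.strip()]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, Packet("tcp", "10.1.1.10", "192.0.2.7", 40000, 23)))  # ('deny', 10, True)
    print(evaluate(SAMPLE_ACL, Packet("tcp", "10.1.1.20", "192.0.2.7", 40000, 80)))  # ('deny', None, False)
```

The two printed cases show the points the guide makes in passing: the logged deny at precedence 10 fires even though a broader permit for the same subnet exists at precedence 20, and a port-80 connection that matches no entry is dropped by the implicit deny without any log message, which is why a practitioner who wants visibility into dropped traffic adds an explicit logged deny entry as the last numbered rule.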