Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003100-01
The Precedence column sets the priority of an IP Firewall rule within its rule set. Click on this column
and drag the rule to its appropriate place in the rule set to set its precedence.
8. Click the OK button to save all changes made to the IP Firewall Rules dialog. Click Exit to close
the dialog and return to the previous screen.
9. Select existing inbound or outbound MAC Firewall Rules using the drop-down menu. If no rules
exist, select Create to display a screen where Firewall rules can be created.
10. Select the + Add Row button.
11. Select the added row to expand it into configurable parameters.
Source Port
If using either tcp or udp as the protocol, define whether the source port for incoming IP ACL rule 
application is any, equals or an administrator defined range. If not using tcp or udp, this setting 
displays as N/A. This is the data local origination virtual port designated by the administrator. 
Selecting equals invokes a spinner control for setting a single numeric port. Selecting range 
displays spinner controls for Low and High numeric range settings. A source port cannot be a 
destination port.
Destination Port
If using either tcp or udp as the protocol, define whether the destination port for incoming IP ACL 
rule application is any, equals or an administrator defined range. If not using tcp or udp, this setting 
displays as N/A. This is the data local origination virtual port designated by the administrator. 
Selecting equals invokes a spinner control for setting a single numeric port. Selecting range 
displays spinner controls for Low and High numeric range settings.
ICMP Type
Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for 
ICMP type and code. The Internet Control Message Protocol (ICMP) uses messages identified by 
numeric type. ICMP messages are used for packet flow control or generated in IP error responses. 
ICMP errors are directed to the source IP address of the originating packet. Assign an ICMP type 
from 1-10.
ICMP Code
Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for
ICMP type and code. Many ICMP types have a corresponding code, helpful for troubleshooting
network issues (0 - Net Unreachable, 1 - Host Unreachable, 2 - Protocol Unreachable, etc.).
Start VLAN
Select a Start VLAN icon within a table row to set (apply) a start VLAN range for this IP ACL filter.
Start VLAN is the beginning numeric VLAN identifier that arriving packets must adhere to
in order to have the IP ACL rules apply.
End VLAN
Select an End VLAN icon within a table row to set (apply) an end VLAN range for this IP ACL filter.
End VLAN is the ending numeric VLAN identifier that arriving packets must adhere to in
order to have the IP ACL rules apply.
Protocol
Select the protocol to filter for this ACL. Use the drop-down menu to select from a list of predefined
protocols or use the spinner control to set a particular protocol number.
Mark
Select this option to mark certain fields inside a packet before allowing them. Mark is only
applicable for Allow rules. Mark sets the rule’s 802.1p or DSCP level (from 0 - 7).
Log
Select this option to create a log entry when a firewall rule has either denied or allowed
a packet.
Enabled
Select this option to enable or disable this particular IP Firewall rule in this rule set.
Description
Lists the administrator assigned description applied to the IP ACL rule. Select a description within 
the table to modify its character string as filtering changes warrant. Select the icon within the 
Description table header to launch a Select Columns screen used to add or remove IP ACL criteria 
from the table.
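
The field constraints in the table above can be checked offline before a rule set is entered in the dialog. The following is an added example, not part of the Brocade guide or the access point's software: the dict layout, field names, action values and the requirement that precedence values be unique are assumptions made for illustration.

```python
# Added example: lint rule definitions against the table's field constraints (dict layout is assumed).

def check_port(rule, key, problems):
    """A port criterion is 'any', ('equals', n) or ('range', low, high)."""
    spec = rule.get(key, "any")
    if rule["protocol"] not in ("tcp", "udp"):
        if spec != "any":
            problems.append(f"{key}: N/A unless protocol is tcp or udp")
        return
    if spec == "any":
        return
    kind, *ports = spec
    if any(not 0 <= p <= 65535 for p in ports):
        problems.append(f"{key}: port outside 0-65535")
    elif kind == "range" and ports[0] > ports[1]:
        problems.append(f"{key}: Low is greater than High")

def lint_rule(rule):
    problems = []
    check_port(rule, "src_port", problems)
    check_port(rule, "dst_port", problems)
    if rule["protocol"] != "icmp" and ("icmp_type" in rule or "icmp_code" in rule):
        problems.append("ICMP type/code set on a non-ICMP rule")
    if "mark" in rule:
        if rule["action"] != "allow":
            problems.append("Mark is only applicable for Allow rules")
        if not 0 <= rule["mark"] <= 7:
            problems.append("Mark level outside 0-7")
    if "start_vlan" in rule and "end_vlan" in rule and rule["start_vlan"] > rule["end_vlan"]:
        problems.append("Start VLAN is greater than End VLAN")
    return problems

def lint_ruleset(rules):
    """Return {precedence: [problems]} for every rule that fails a check."""
    report, seen = {}, set()
    for rule in rules:
        problems = lint_rule(rule)
        if rule["precedence"] in seen:  # assumption: precedence is unique per rule set
            problems.append("duplicate precedence")
        seen.add(rule["precedence"])
        if problems:
            report.setdefault(rule["precedence"], []).extend(problems)
    return report

# Constructed sample rule set (not taken from a real device).
SAMPLE = [
    {"precedence": 1, "action": "allow", "protocol": "tcp", "dst_port": ("equals", 443), "mark": 5},
    {"precedence": 2, "action": "deny", "protocol": "icmp", "dst_port": ("range", 1, 1024), "mark": 3},
    {"precedence": 2, "action": "allow", "protocol": "udp", "src_port": ("range", 2000, 1000), "start_vlan": 20, "end_vlan": 10},
]
```

Running `lint_ruleset(SAMPLE)` reports the port set on an ICMP rule, the Mark on a deny rule, the inverted port and VLAN ranges, and the reused precedence value.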
