Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

53-1003250-01

Configuring numbered and named ACLs

NOTE

If you use the CIDR format, the ACL entries appear in this format in the running-config and
startup-config files, but are shown with a subnet mask in the display produced by the show ip
access-list command.

The destination-ip | hostname variable specifies the destination IP host for the policy. If you want
the policy to match on all destination addresses, enter any.

The icmp-type | icmp-num variable specifies the ICMP protocol type.

This variable applies only if you specified icmp as the ip-protocol value.

If you do not specify a message type, the ACL applies to all types of ICMP messages.

The icmp-num variable can be a value from 0 – 255.

The icmp-type variable can have one of the following values, depending on the software version the
device is running:

any-icmp-type

echo

echo-reply

information-request

log

mask-reply

mask-request

parameter-problem

redirect

source-quench

time-exceeded

timestamp-reply

timestamp-request

unreachable

num

The operator variable specifies a comparison operator for the TCP or UDP port number. This
variable applies only when you specify tcp or udp as the IP protocol. For example, if you are
configuring an entry for HTTP, specify tcp eq http. You can enter one of the following operators:

eq – The policy applies to the TCP or UDP port name or number you enter after eq.

gt – The policy applies to TCP or UDP port numbers greater than the port number or the
numeric equivalent of the port name you enter after gt.

lt – The policy applies to TCP or UDP port numbers that are less than the port number or the
numeric equivalent of the port name you enter after lt.

neq – The policy applies to all TCP or UDP port numbers except the port number or port name
you enter after neq.
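
The following is an added example, not Brocade code and not part of the original manual: a small Python model of the icmp-type and operator matching rules described above, usable for checking which ports of interest an ACL clause would cover before it is deployed. The name-to-number tables, the function names, and the SENSITIVE port list are assumptions made for illustration.

```python
import operator as _op

# The only port name the page mentions; extend from the device's own keyword list.
PORT_NAMES = {"http": 80}

# Assumption: the icmp-type keywords map to the standard IANA ICMP type numbers.
ICMP_TYPES = {
    "echo-reply": 0, "unreachable": 3, "source-quench": 4, "redirect": 5,
    "echo": 8, "time-exceeded": 11, "parameter-problem": 12,
    "timestamp-request": 13, "timestamp-reply": 14,
    "information-request": 15, "mask-request": 17, "mask-reply": 18,
}

# eq / gt / lt / neq as described in the operator list (gt and lt are strict).
OPERATORS = {"eq": _op.eq, "gt": _op.gt, "lt": _op.lt, "neq": _op.ne}

def resolve_port(operand):
    """Return the numeric port for a port name or number, checking the range."""
    port = PORT_NAMES.get(str(operand).lower())
    if port is None:
        port = int(operand)  # raises ValueError for an unknown name
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {operand}")
    return port

def port_matches(operator, operand, packet_port):
    """True if a TCP/UDP port satisfies '<operator> <operand>'."""
    if operator not in OPERATORS:
        raise ValueError(f"unknown operator: {operator}")
    return OPERATORS[operator](packet_port, resolve_port(operand))

def icmp_matches(spec, packet_type):
    """spec is None (no message type given), a keyword, or an icmp-num 0-255."""
    if spec is None or spec == "any-icmp-type":
        return True  # no message type means the entry applies to all ICMP types
    num = ICMP_TYPES.get(spec)
    if num is None:
        num = int(spec)
    if not 0 <= num <= 255:
        raise ValueError(f"icmp-num out of range: {spec}")
    return packet_type == num

def exposed_ports(operator, operand, ports_of_interest):
    """Review helper: which of the listed ports does one clause match?"""
    return sorted(p for p in ports_of_interest if port_matches(operator, operand, p))

# Constructed sample: ports a reviewer might want to track.
SENSITIVE = [22, 23, 80, 443, 3389, 8080]

if __name__ == "__main__":
    for op_name, arg in [("eq", "http"), ("neq", "http"), ("gt", 1023), ("lt", 1024)]:
        print(op_name, arg, "->", exposed_ports(op_name, arg, SENSITIVE))
```

Running the model shows how broad neq, gt, and lt clauses are compared with eq: neq http covers every listed port except 80.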