Table 2, Named acls – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide

53-1003250-01

ACLs and ICMP

Named ACLs

For example, to deny the administratively-prohibited message type in a named ACL, enter
commands such as the following.

Virtual ADX (config)#ip access-list extended melon

Virtual ADX (config-ext-nacl)#deny ICMP any any administratively-prohibited

or

Virtual ADX (config)#ip access-list extended melon

Virtual ADX (config-ext-nacl)#deny ICMP any any 3 13

Syntax: [no] ip access-list extended acl-num | acl-name

Syntax: deny | permit icmp source-ip-address | source-ip-address/subnet-mask | any | host source-host destination-ip-address | destination-ip-address/subnet-mask | any | host destination-host icmp-type | icmp-type-number icmp-code-number

The extended parameter indicates the ACL entry is an extended ACL.

The acl-name | acl-num variable allows you to specify an ACL name or number. If using a name,
specify a string of up to 256 alphanumeric characters. You can use blanks in the ACL name if you
enclose the name in quotation marks (for example, “ACL for Net1”). The acl-num variable allows
you to specify an ACL number if you prefer. If you specify a number, enter a number from 100 – 199
for extended ACLs.

The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.

You can either use the icmp-type variable and enter the name of the message type, or use the
icmp-type-number icmp-code-number variables and enter the type number and code number of the
message. Refer to Table 2 for valid values.

NOTE

“X” in the Type-Number or Code-Number column in Table 2 means the device filters any traffic of that ICMP message type.
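The named and numeric forms shown above describe the same rule, which matters when auditing an ACL for redundant or conflicting entries. The following Python example is added here and is not part of the Brocade guide: it parses entries written in the deny | permit icmp syntax, resolves message-type names through the Table 2 rows printed on this page, and reports entries that normalize to the same rule. The function names, the case-insensitive keyword matching, and the third sample line are assumptions made for illustration.

```python
# Table 2 rows visible on this page: name -> (type, code); "x" means any.
ICMP_NAMES = {
    "administratively-prohibited": (3, 13),
    "any-icmp-type": ("x", "x"),
    "destination-host-prohibited": (3, 10),
    "destination-host-unknown": (3, 7),
    "destination-net-prohibited": (3, 9),
    "destination-network-unknown": (3, 6),
    "echo": (8, 0),
    "echo-reply": (0, 0),
    "general-parameter-problem": (12, 1),
    "host-precedence-violation": (3, 14),
}

def _take_addr(tokens):
    """Consume one address: any | host <name> | ip-address | ip-address/mask."""
    n = 2 if tokens[:1] == ["host"] else 1
    if len(tokens) < n:
        raise ValueError("incomplete address")
    return " ".join(tokens.pop(0) for _ in range(n))

def parse_icmp_entry(line):
    """Return (action, source, destination, type, code) for one entry."""
    # Drop the CLI prompt, if any, and fold case (assumed case-insensitive).
    tokens = line.split("#", 1)[-1].lower().split()
    if tokens[:1] not in (["deny"], ["permit"]) or tokens[1:2] != ["icmp"]:
        raise ValueError("not an ICMP ACL entry: " + line)
    rest = tokens[2:]
    src, dst = _take_addr(rest), _take_addr(rest)
    if len(rest) == 1 and rest[0] in ICMP_NAMES:
        icmp = ICMP_NAMES[rest[0]]
    elif len(rest) == 2 and rest[0].isdigit() and rest[1].isdigit():
        icmp = (int(rest[0]), int(rest[1]))
    else:
        raise ValueError("unrecognized ICMP type/code: " + " ".join(rest))
    return (tokens[0], src, dst) + icmp

def find_duplicates(lines):
    """Map each normalized entry to the 1-based positions that repeat it."""
    seen = {}
    for pos, line in enumerate(lines, 1):
        seen.setdefault(parse_icmp_entry(line), []).append(pos)
    return {entry: pos for entry, pos in seen.items() if len(pos) > 1}

# First two lines are from the page; the third is constructed for illustration.
SAMPLE = [
    "Virtual ADX (config-ext-nacl)#deny ICMP any any administratively-prohibited",
    "Virtual ADX (config-ext-nacl)#deny ICMP any any 3 13",
    "Virtual ADX (config-ext-nacl)#deny icmp host 192.0.2.10 any echo",
]
```

Calling find_duplicates(SAMPLE) flags the first two entries as one rule written twice; names missing from the table are rejected rather than guessed.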

TABLE 2   ICMP message types and codes

ICMP message type              Type   Code
administratively-prohibited    3      13
any-icmp-type                  x      x
destination-host-prohibited    3      10
destination-host-unknown       3      7
destination-net-prohibited     3      9
destination-network-unknown    3      6
echo                           8      0
echo-reply                     0      0
general-parameter-problem      12     1
  NOTE: This message type indicates that a required option is missing.
host-precedence-violation      3      14