92
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Extended numbered ACL configuration
The destination-ip | hostname parameter specifies the destination IP host for the policy. If you want
the policy to match on all destination addresses, enter any.
The icmp-type | icmp-num parameter specifies the ICMP protocol type:
• This parameter applies only if you specified icmp as the ip-protocol value.
• If you use this parameter, the ACL entry is sent to the CPU for processing.
• If you do not specify a message type, the ACL applies to all types of ICMP messages.
The icmp-num parameter can be a value from 0–255.
The icmp-type parameter can have one of the following values, depending on the software version
the device is running:
• any-icmp-type
• echo
• echo-reply
• information-request
• log
• mask-reply
• mask-request
• parameter-problem
• redirect
• source-quench
• time-exceeded
• timestamp-reply
• timestamp-request
• traffic policy
• unreachable
• num
NOTE
The QoS options listed below are only available if a specific ICMP type is specified for the icmp-type
parameter and cannot be used with the any-icmp-type option above.
The tcp/udp comparison operator parameter specifies a comparison operator for the TCP or UDP
port number. This parameter applies only when you specify tcp or udp as the IP protocol. For
example, if you are configuring an entry for HTTP, specify tcp eq http. You can enter one of the
following operators:
• eq – The policy applies to the TCP or UDP port name or number you enter after eq.
• established – This operator applies only to TCP packets. If you use this operator, the policy
applies to TCP packets that have the ACK (Acknowledgment) or RST (Reset) bits set on (set to
“1”) in the Control Bits field of the TCP packet header. Thus, the policy applies only to
established TCP sessions, not to new sessions. Refer to Section 3.1, “Header Format”, in RFC
793 for information about this field.
NOTE
This operator applies only to destination TCP ports, not source TCP ports.
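The following is an added example, not code from the Brocade guide or from the device software. It models the matching rules this section describes for the icmp-type | icmp-num parameter and for the tcp/udp comparison operators eq and established, so the behaviour can be checked against sample packets. Everything in it (the Packet and AclEntry records, the function names, the name-to-number table for ICMP types taken from RFC 792, and the single port name http = 80) is an assumption of the example. Note that established is a test on the ACK and RST control bits of each packet, not a lookup in a session table: a lone SYN is rejected, any packet carrying ACK or RST is accepted.

```python
from dataclasses import dataclass
from typing import Optional

# TCP control bits from the Header Format in RFC 793, section 3.1
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10

# ICMP message type numbers from RFC 792. The guide lists the names only;
# this mapping is supplied by the example (the "log" and "traffic policy"
# keywords are not message types and are left out).
ICMP_TYPES = {
    "echo-reply": 0, "unreachable": 3, "source-quench": 4, "redirect": 5,
    "echo": 8, "time-exceeded": 11, "parameter-problem": 12,
    "timestamp-request": 13, "timestamp-reply": 14,
    "information-request": 15, "mask-request": 17, "mask-reply": 18,
}

# Port names accepted after `eq`; only the one the guide mentions is modelled.
PORT_NAMES = {"http": 80}


@dataclass
class Packet:
    """Assumed minimal packet record: only the fields the ACL rules look at."""
    ip_protocol: str                 # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None   # destination TCP/UDP port
    tcp_flags: int = 0               # TCP control bits
    icmp_type: Optional[int] = None  # ICMP message type number


@dataclass
class AclEntry:
    """Assumed record of the parameters discussed in this section."""
    ip_protocol: str
    icmp_type: Optional[str] = None         # name, decimal string or "any-icmp-type"
    tcp_udp_operator: Optional[str] = None  # "eq" or "established"
    port: Optional[str] = None              # port name or number after eq


def icmp_type_matches(entry: AclEntry, pkt: Packet) -> bool:
    """icmp-type | icmp-num: no type, or any-icmp-type, matches every ICMP message."""
    if entry.icmp_type in (None, "any-icmp-type"):
        return True
    if entry.icmp_type.isdigit():           # icmp-num, 0-255
        num = int(entry.icmp_type)
        if not 0 <= num <= 255:
            raise ValueError("icmp-num must be 0-255")
        return pkt.icmp_type == num
    return pkt.icmp_type == ICMP_TYPES[entry.icmp_type]


def port_operator_matches(entry: AclEntry, pkt: Packet) -> bool:
    """tcp/udp comparison operator: eq on the destination port, or established."""
    if entry.tcp_udp_operator is None:
        return True
    if entry.tcp_udp_operator == "eq":
        wanted = PORT_NAMES.get(entry.port)
        if wanted is None:
            wanted = int(entry.port)
        return pkt.dst_port == wanted
    if entry.tcp_udp_operator == "established":
        # TCP only, and purely a flags test: ACK or RST set means "established"
        return pkt.ip_protocol == "tcp" and bool(pkt.tcp_flags & (TCP_ACK | TCP_RST))
    raise ValueError("unknown operator: %s" % entry.tcp_udp_operator)


def matches(entry: AclEntry, pkt: Packet) -> bool:
    """Apply the protocol-specific part of an extended ACL entry to one packet."""
    if entry.ip_protocol != pkt.ip_protocol:
        return False
    if entry.ip_protocol == "icmp":
        return icmp_type_matches(entry, pkt)
    if entry.ip_protocol in ("tcp", "udp"):
        return port_operator_matches(entry, pkt)
    return True


if __name__ == "__main__":
    # Constructed sample traffic: a new HTTP session (SYN only), its reply
    # direction (SYN/ACK), a reset, and an ICMP echo request.
    syn = Packet("tcp", dst_port=80, tcp_flags=TCP_SYN)
    syn_ack = Packet("tcp", dst_port=80, tcp_flags=TCP_SYN | TCP_ACK)
    rst = Packet("tcp", dst_port=80, tcp_flags=TCP_RST)
    echo = Packet("icmp", icmp_type=8)
    http_entry = AclEntry("tcp", tcp_udp_operator="eq", port="http")
    est_entry = AclEntry("tcp", tcp_udp_operator="established")
    for name, pkt in [("syn", syn), ("syn_ack", syn_ack), ("rst", rst)]:
        print(name, "eq http:", matches(http_entry, pkt),
              "established:", matches(est_entry, pkt))
    print("echo vs icmp echo:", matches(AclEntry("icmp", icmp_type="echo"), echo))
```

The demo prints that all three TCP packets match `eq http`, while only the SYN/ACK and the RST match `established`; the same entry never matches a UDP packet.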