Setting A Source Ip Acl - Nortel 2360 Configuration Manual

Wlan-security switch 2300 series

Setting a source IP ACL

You can create an ACE that filters packets based on the source IP address and optionally applies CoS packet handling. (For CoS details, see "Class of Service" (page 412).) You can also determine where the ACE is placed in the security ACL by using the before editbuffer-index or modify editbuffer-index variables with an index number. You can use the hits counter to track how many packets the ACL filters.

The simplest security ACL permits or denies packets from a source IP address:

set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask | any} [before editbuffer-index | modify editbuffer-index] [hits]

For example, to create ACL acl-1 that permits all packets from IP address 192.168.1.4, type the following command:

WSS# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0

With the following basic security ACL command, you can specify any of the protocols supported by WSS Software:

set security acl ip acl-name {permit [cos cos] | deny} protocol-number {source-ip-addr mask | any} {destination-ip-addr mask | any} [[precedence precedence] [tos tos] | [dscp codepoint]] [before editbuffer-index | modify editbuffer-index] [hits]

The following sample security ACL permits all Generic Routing Encapsulation (GRE) packets from source IP address 192.168.1.11 to destination IP address 192.168.1.15, with a precedence level of 0 (routine), and a type-of-service (TOS) level of 0 (normal). (For more information about type-of-service and precedence levels, see the Nortel WLAN Security Switch 2300 Series Command Line Reference.) GRE is protocol number 47.

WSS# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits

The security ACL acl-2 described above also applies the CoS level 2 (medium priority) to the permitted packets. (For CoS details, see "Class of Service" (page 412).) The keyword hits counts the number of times this ACL affects packet traffic.

Table 1 lists common IP protocol numbers. (For a complete list of IP protocol names and numbers, see www.iana.org/assignments/protocol-numbers.) For commands that set security ACLs for specific protocols, see the following information:

"Setting an ICMP ACL" (page 414)
"Setting a TCP ACL" (page 416)
"Setting a UDP ACL" (page 416)

Table 1: Common IP protocol numbers

Number  IP Protocol
1       Internet Message Control Protocol (ICMP)
2       Internet Group Management Protocol (IGMP)
6       Transmission Control Protocol (TCP)
9       Any private interior gateway (used by Cisco for Internet Gateway Routing Protocol)

Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring and managing security ACLs 411
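
The following added example is not part of the Nortel guide or WSS Software. It parses the two set security acl ip forms shown above and evaluates packets against them, so you can check what a source address and mask pair will match before committing an ACE. Assumptions: the mask is a wildcard mask in which 0 bits must match (consistent with 192.168.1.4 0.0.0.0 selecting one host), the first matching ACE in an ACL wins, and a packet that matches no ACE is denied; acl-3 is a constructed rule, and the precedence, tos, dscp, before and modify options are skipped rather than evaluated.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # 'any': every bit is "don't care"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):
    """Consume '{addr mask | any}'; return ((address, mask), remaining tokens)."""
    if tok[0] == "any":
        return ANY, tok[1:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_ace(command):
    """Parse either 'set security acl ip' form shown on this page."""
    tok = command.split()
    if tok[:4] != ["set", "security", "acl", "ip"] or tok[5] not in ("permit", "deny"):
        raise ValueError("not a security ACL command: " + command)
    ace = {"acl": tok[4], "action": tok[5], "cos": None, "proto": None,
           "dst": ANY, "count": tok[-1] == "hits", "hits": 0}
    tok = tok[6:]
    if ace["action"] == "permit" and tok[0] == "cos":
        ace["cos"], tok = int(tok[1]), tok[2:]
    if tok[0].isdigit():               # second form: protocol-number, source, destination
        ace["proto"], tok = int(tok[0]), tok[1:]
        ace["src"], tok = _take_addr(tok)
        ace["dst"], tok = _take_addr(tok)
    else:                              # first form: source only, any protocol
        ace["src"], tok = _take_addr(tok)
    return ace

def _match(addr, rule):
    base, mask = rule
    care = ~mask & 0xFFFFFFFF          # assumption: 0 bits in the mask must match
    return (_ip(addr) & care) == (base & care)

def evaluate(aces, acl, src, dst, proto):
    """First matching ACE in the named ACL wins; assumed deny when none match."""
    for ace in aces:
        if ace["acl"] != acl or ace["proto"] not in (None, proto):
            continue
        if _match(src, ace["src"]) and _match(dst, ace["dst"]):
            ace["hits"] += ace["count"]   # counted only when 'hits' was given
            return ace["action"], ace["cos"]
    return "deny", None

ACES = [parse_ace(c) for c in (
    "set security acl ip acl-1 permit 192.168.1.4 0.0.0.0",            # from this page
    "set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 "
    "192.168.1.15 0.0.0.0 precedence 0 tos 0 hits",                    # from this page
    "set security acl ip acl-3 permit 192.168.2.0 0.0.0.255 hits",     # constructed
)]
```

Under these assumptions, acl-1 passes only 192.168.1.4 itself, and acl-2 passes only GRE (protocol 47) between its two hosts, so TCP between the same pair is denied and does not increment the hits counter.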
