Extreme Networks ExtremeWare Command Reference Manual page 932

Security Commands
code-point Specifies a 6-bit DiffServ code point. Valid entries are from 0 to 63.
dot1p Specifies the priorities for 802.1p.
permit-established Specifies to deny any new TCP session initiation.
deny Specifies to drop the packet.
vlan-pri Specifies the 802.1p priority of the VLAN tag, which is a three-bit field. Valid values are 0
to 7.
vlan-pri-2bits Specifies the two most significant bits of the vlan-pri field.
Default
N/A
Usage Guidelines
None
Example
The following access-list example performs packet filtering in the following sequence, as determined by
the precedence number:
• Deny UDP port 32 and TCP port 23 traffic to the 10.2.XX network.
• All other TCP port 23 traffic destined for other 10.X.X.X networks is permitted using QoS profile
Qp4.
• All remaining traffic to 10.2.0.0 uses QoS profile Qp3.
With no default rule specified, all remaining traffic is allowed using the default QoS profile.
create access-list deny102_32 udp dest 10.2.0.0/16 ip-port 32 source any ip-port any
deny ports any precedence 10
create access-list deny102_23 tcp dest 10.2.0.0/16 ip-port 23 source any ip-port any
deny ports any precedence 20
create access-list allow10_23 tcp dest 10.0.0.0/8 ip-port 23 source any ip-port any
permit qosprofile qp4 ports any precedence 30
create access-list allow102 ip dest 10.2.0.0/16 source 0.0.0.0/0 permit qosprofile qp3
ports any precedence 40
The following example shows a default entry that is used to specify an explicit deny:
create access-list denyall ip dest 0.0.0.0/0 source 0.0.0.0/0 deny ports any
History
This form of the command was available in ExtremeWare 7.1e.
Platform Availability
This command is available on the "e" series platforms only.
932 ExtremeWare 7.5 Command Reference Guide