Policy Rule Configuration - Avaya G430 Manual
Administering branch gateway
Hide thumbs
Also See for G430:
- Installation and upgrades (155 pages) ,
- Deploying and upgrading (144 pages) ,
- Quick start for hardware (31 pages)
Table of Contents
Advertisement
Policy lists
Result
The composite command can be any command defined in the composite operation list. These
commands are case-sensitive. To view the composite operation list for the access control list
you are working with, use the command show composite-operation in the context of the
access control list.
Example
The following example defines a rule in access control list 301 that denies access to all
incoming packets that contain IP fragments:
Gxxx-001(super)# ip access-control-list 301
Gxxx-001(super/ACL 301)# ip-fragments-in Deny
Done!
Policy rule configuration
You can configure policy rules to match packets based on one or more of the following criteria:
• Source IP address, or a range of addresses
• Destination IP address, or a range of addresses
• IP protocol, such as TCP, UDP, ICMP, or IGMP
• Source TCP or UDP port or a range of ports
• Destination TCP or UDP port or a range of ports
• ICMP type and code
• Fragment
• DSCP
Use IP wildcards to specify a range of source or destination IP addresses. The zero bits in the
wildcard correspond to bits in the IP address that remain fixed. The one bits in the wildcard
correspond to bits in the IP address that can vary. Note that this is the opposite of how bits are
used in a subnet mask.
For access control lists, you can require the packet to be part of an established TCP session.
If the packet is a request for a new TCP session, the packet does not match the rule. You can
also specify whether an access control list accepts packets that have an IP option field.
Related topics:
Editing and creating rules
Policy lists rule criteria
568
Administering Avaya G430 Branch Gateway
on page 569
on page 569
Comments? infodev@avaya.com
October 2013
Hide quick links:
Advertisement
Table of Contents
