Table of Contents
Advertisement
14
Extended ACL config commands
Example - denying TCP based traffic
The following example denies TCP traffic with a source port range between 20 - 23 (from the
source subnet to destination subnet):
Example - denying UDP based traffic
The following example denies UDP traffic with a source port range between 20 - 23 (from the
source subnet to destination subnet):
Example - denying ICMP based traffic
The following example denies ICMP traffic from any source to any destination. The keyword any is
used to match:
Example - denying protocol based ACL
With the inclusion of protocol based acls, it is possible to permit or deny all the protocols that exist.
454
RFController(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24
RFController(config-ext-nacl)#permit ip any any
RFController(config-ext-nacl)#
RFController(config-ext-nacl)#deny tcp range 20 23 192.168.1.0/24
192.168.2.0/24
RFController(config-ext-nacl)#permit ip any any
RFController(config-ext-nacl)#
RFController(config-ext-nacl)#deny udp range 20 23 192.168.1.0/24
192.168.2.0/24
RFController(config-ext-nacl)#permit ip any any
RFController(config-ext-nacl)#
any source or destination IP address.
RFController(config-ext-nacl)#deny icmp any any
RFController(config-ext-nacl)#permit ip any any
RFController(config-ext-naclend
RFController(config-ext-nacl)#deny proto ospf any any rule-precedence 10
RFController(config-ext-nacl)#deny proto eigrp any any rule-precedence 20
RFController(config-ext-nacl)#permit ip any any rule-precedence 30
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
- Quick Links:
- Common Commands
- Show
Hide quick links:
Advertisement
Table of Contents
