Setting Tcp And Udp Acls; Setting A Tcp Acl; Setting A Udp Acl - Nortel 2360 Configuration Manual
Wlan-security switch 2300 series
Hide thumbs
Also See for 2360:
- Reference manual (480 pages) ,
- User manual (218 pages) ,
- Installation and basic configuration manual (172 pages)
Table of Contents
Advertisement
416 Configuring and managing security ACLs
Setting TCP and UDP ACLs
Security ACLs can filter TCP and UDP packets by source and destination IP address, precedence, and TOS
level. You can apply a TCP ACL to established TCP sessions only, not to new TCP sessions. In addition,
security ACLs for TCP and UDP can filter packets according to a source port on the source IP address and/or
a destination port on the destination IP address, if you specify a port number and an operator in the ACE. (For
a list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.)
The operator indicates whether to filter packets arriving from or destined for a port whose number is equal to
(eq), greater than (gt), less than (lt), not equal to (neq), or in a range that includes (range) the specified port.
To specify a range of TCP or UDP ports, you enter the beginning and ending port numbers.
Note.
The CLI does not accept port names in ACLs. To filter on ports by name, you must
use WLAN Management Software. For more information, see the Nortel WLAN
Management Software 2300 Series Reference Guide.
Setting a TCP ACL
The following command filters TCP packets:
set security acl ip acl-name {permit [cos cos] | deny}
tcp {source-ip-addr mask | any [operator port [port2]]} {destination-ip-addr mask |
any [operator port [port2]]} [[precedence precedence] [tos tos] | [dscp codepoint]]
[established] [before editbuffer-index | modify editbuffer-index] [hits]
For example, the following command permits packets sent from IP address 192.168.1.5 to 192.168.1.6 with
the TCP destination port equal to 524, a precedence of 7, and a type of service of 15, on an established TCP
session, and counts the number of hits generated by the ACE:
WSS# set security acl ip acl-4 permit tcp 192.168.1.5 0.0.0.0 192.168.1.6 0.0.0.0 eq 524
precedence 7 tos 15 established hits
(For information about TOS and precedence levels, see the
Command Line
Reference. For CoS details, see
Setting a UDP ACL
The following command filters UDP packets:
set security acl ip acl-name {permit [cos cos] | deny} udp {source-ip-addr mask | any
[operator port [port2]]} {destination-ip-addr mask | any [operator port [port2]]}
[[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
NN47250-500 (320657-F Version 02.01)
Nortel WLAN Security Switch 2300 Series
"Class of Service" (page
412).)
- Quick Links:
- Using the Command-Line Interface
Hide quick links:
Advertisement
Table of Contents
