Setting A Source Ip Acl - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

8 port 10/100 wireless switch with power over ethernet

You can create an ACE that filters packets based on the source IP address and optionally applies CoS
packet handling. You can also determine where the ACE is placed in the security ACL by using the
before editbuffer-index or modify editbuffer-index variables with an index number. You can use the hits
counter to track how many packets the ACL filters.
The simplest security ACL permits or denies packets from a source IP address:
set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask | any}
[before editbuffer-index | modify editbuffer-index] [hits]
For example, to create ACL acl-1 that permits all packets from IP address 192.168.1.4, type the following
command:
DWS-1008# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0
With the following basic security ACL command, you can specify any of the protocols supported by
MSS:
set security acl ip acl-name {permit [cos cos] | deny} protocol-number
{source-ip-addr mask | any} {destination-ip-addr mask | any}
[[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
The following sample security ACL permits all Generic Routing Encapsulation (GRE) packets from
source IP address 192.168.1.11 to destination IP address 192.168.1.15, with a precedence level of 0
(routine), and a type-of-service (TOS) level of 0 (normal). GRE is protocol number 47.
DWS-1008# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits
The security ACL acl-2 described above also applies the CoS level 2 (medium priority) to the permitted
packets. The keyword hits counts the number of times this ACL affects packet traffic.
The table below lists common IP protocol numbers. (For a complete list of IP protocol names and
numbers, see www.iana.org/assignments/protocol-numbers.)
Number  IP Protocol
------  -----------
1       Internet Control Message Protocol (ICMP)
2       Internet Group Management Protocol (IGMP)
6       Transmission Control Protocol (TCP)
9       Any private interior gateway (used by Cisco for Internet Gateway Routing Protocol)
17      User Datagram Protocol (UDP)
46      Resource Reservation Protocol (RSVP)
47      Generic Routing Encapsulation (GRE) protocol
50      Encapsulation Security Payload for IPSec (IPSec-ESP)
51      Authentication Header for IPSec (IPSec-AH)
55      IP Mobility (Mobile IP)
88      Enhanced Interior Gateway Routing Protocol (EIGRP)
89      Open Shortest Path First (OSPF) protocol
103     Protocol Independent Multicast (PIM) protocol
112     Virtual Router Redundancy Protocol (VRRP)
115     Layer Two Tunneling Protocol (L2TP)
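
The following Python sketch is an added example, not part of the D-Link manual: it parses the two set security acl ip command forms shown above and checks offline which packets an ACE would cover, which helps when reviewing a saved configuration. It assumes the mask is a wildcard mask (a 0 bit must match, as the 0.0.0.0 host examples suggest); the function names and the acl-3 command are constructed for illustration.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # 'any' = every bit of the address is ignored

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok, i):
    """Read '{addr mask | any}' starting at tok[i]; return (rule, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2

def parse_ace(line):
    """Parse one 'set security acl ip' command (either form shown on the page)."""
    tok = line.split()
    tok = tok[tok.index("set"):]              # drop a leading 'DWS-1008#' prompt
    if len(tok) < 7 or tok[:4] != ["set", "security", "acl", "ip"] \
            or tok[5] not in ("permit", "deny"):
        raise ValueError("not a security ACL command: " + line)
    ace = {"acl": tok[4], "action": tok[5], "cos": None, "proto": None, "dst": ANY}
    i = 6
    if tok[i] == "cos":                       # optional CoS, valid with permit only
        if ace["action"] != "permit":
            raise ValueError("cos is only valid with permit")
        ace["cos"], i = int(tok[i + 1]), i + 2
    if tok[i].isdigit():                      # protocol form: number, source, destination
        ace["proto"], i = int(tok[i]), i + 1
        ace["src"], i = _addr(tok, i)
        ace["dst"], i = _addr(tok, i)
    else:                                     # source-only form
        ace["src"], i = _addr(tok, i)
    ace["options"] = tok[i:]                  # precedence/tos/dscp/before/modify/hits: kept, not evaluated
    ace["hits"] = "hits" in ace["options"]
    return ace

def matches(ace, src, dst="0.0.0.0", proto=None):
    """True if a packet falls under this ACE (assumes wildcard masks: 0 bit = must match)."""
    def hit(rule, ip):
        addr, wild = rule
        return (addr | wild) == (_ip(ip) | wild)
    return (ace["proto"] in (None, proto)) and hit(ace["src"], src) and hit(ace["dst"], dst)

if __name__ == "__main__":
    cmds = [
        "DWS-1008# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0",  # from the page
        "set security acl ip acl-3 deny 10.0.0.0 0.0.0.255 hits",          # constructed sample
    ]
    for c in cmds:
        ace = parse_ace(c)
        print(ace["acl"], ace["action"], matches(ace, "10.0.0.77"), matches(ace, "192.168.1.4"))
```

ACEs parsed without the hits keyword (ace["hits"] is False) are worth noting during a review, since the switch will not count packets for them.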