Setting Tcp And Udp Acls; Setting A Tcp Acl; Setting A Udp Acl - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual
8 port 10/100 wireless switch with power over ethernet
Hide thumbs
Also See for DWS-1008 - AirPremier MobileLAN Switch:
- Cli reference manual (531 pages) ,
- User manual (454 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
Security ACLs can filter TCP and UDP packets by source and destination IP address, precedence, and
TOS level. You can apply a TCP ACL to established TCP sessions only, not to new TCP sessions. In
addition, security ACLs for TCP and UDP can filter packets according to a source port on the source
IP address and/or a destination port on the destination IP address, if you specify a port number and an
operator in the ACE. (For a list of TCP and UDP port numbers, see www.iana.org/assignments/port-
numbers.)
The operator indicates whether to filter packets arriving from or destined for a port whose number is
equal to (eq), greater than (gt), less than (lt), not equal to (neq), or in a range that includes (range)
the specified port. To specify a range of TCP or UDP ports, you enter the beginning and ending port
numbers.
The following command filters TCP packets:
set security acl ip acl-name {permit [cos cos] | deny}
tcp {source-ip-addr mask | any [operator port [port2]]}
{destination-ip-addr mask | any [operator port [port2]]}
[[precedence precedence] [tos tos] | [dscp codepoint]]
[established] [before editbuffer-index | modify editbuffer-index] [hits]
For example, the following command permits packets sent from IP address 192.168.1.5 to 192.168.1.6
with the TCP destination port equal to 524, a precedence of 7, and a type of service of 15, on an
established TCP session, and counts the number of hits generated by the ACE:
DWS-1008# set security acl ip acl-4 permit tcp 192.168.1.5 0.0.0.0 192.168.1.6
0.0.0.0 eq 524 precedence 7 tos 15 established hits
The following command filters UDP packets:
set security acl ip acl-name {permit [cos cos] | deny}
udp {source-ip-addr mask | any [operator port [port2]]}
{destination-ip-addr mask | any [operator port [port2]]}
[[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
For example, the following command permits UDP packets sent from IP address 192.168.1.7 to IP
address 192.168.1.8, with any UDP destination port less than 65,535. It puts this ACE first in the ACL,
and counts the number of hits generated by the ACE.
DWS-1008# set security acl ip acl-5 permit udp 192.168.1.7 0.0.0.0 192.168.1.8
0.0.0.0 lt 65535 precedence 7 tos 15 before 1 hits
D-Link DWS-1008 User Manual
Setting TCP and UDP ACLs
Setting a TCP ACL
Setting a UDP ACL
0
Advertisement
Table of Contents
