Example Acl Rule Entries - Extreme Networks ExtremeWare XOS Guide Manual

Concepts guide

Hide thumbs Also See for ExtremeWare XOS Guide:

Command reference manual (2024 pages)

Manual (698 pages)

Command reference manual (1712 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

Table of Contents

Table 21: ACL Match Conditions (continued)

Match Conditions

ICMP-code <number>

Along with the data types described in Table 22, you can use the operators

match conditions. For example, the match condition,

source port greater than 190.

Table 22: ACL Match Condition Data Types

Condition Data Type

prefix

number

range

bit-field

mac-address

Example ACL Rule Entries

The following entry accepts all the UDP packets from the 10.203.134.0/24 subnet that are destined for

the host 140.158.18.16, with source port 190 and a destination port in the range of 1200 - 1400:

entry

udpacl {

{

ExtremeWare XOS 10.1 Concepts Guide

Description

ICMP code field. This value or keyword provides more specific

information than the icmp-type. Since the value's meaning

depends upon the associated icmp-type, you must specify the

icmp-type along with the icmp-code.In place of the numeric value,

you can specify one of the following text synonyms (the field

values also listed). The keywords are grouped by the ICMP type

with which they are associated:

Parameter-problem:

ip-header-bad(0), required-option-missing(1)

Redirect:

redirect-for-host (1), redirect-for-network (2),

redirect-for-tos-and-host (3), redirect-for-tos-and-net (2)

Time-exceeded:

ttl-eq-zero-during-reassembly(1), ttl-eq-zero-during-transit(0)

Unreachable:

communication-prohibited-by-filtering(13),

destination-host-prohibited(10), destination-host-unknown(7),

destination-network-prohibited(9),

destination-network-unknown(6), fragmentation-needed(4),

host-precedence-violation(14), host-unreachable(1),

host-unreachable-for-TOS(12), network-unreachable(0),

network-unreachable-for-TOS(11), port-unreachable(3),

precedence-cutoff-in-effect(15), protocol-unreachable(2),

source-host-isolated(8), source-route-failed(5)

Description

IP source and destination address prefixes. To specify the address prefix, use the

notation prefix/prefix-length. For a host address, prefix-length should be set

to 32.

Numeric value. This can be TCP or UDP source and destination port number, IP protocol

number, etc.

A range of numeric values. To specify the numeric range, use the notation:

number - number

Used to match specific bits in an IP packet, such as TCP flags and the fragment flag.

6-byte hardware address.

, will match packets with a

source-port >190

IP Access Lists (ACLs)

Applicable

IP Protocols

ICMP

, and

to specify

117

Table of Contents

This manual is also suitable for:

Extremeware xos 10.1

Example Acl Rule Entries - Extreme Networks ExtremeWare XOS Guide Manual

Example ACL Rule Entries

Related Manuals for Extreme Networks ExtremeWare XOS Guide

Related Content for Extreme Networks ExtremeWare XOS Guide

This manual is also suitable for:

Table of Contents