Named Acls - Dell PowerConnect B-RX Configuration Manual

21
ICMP filtering for extended ACLs

Named ACLs

For example, to deny the administratively-prohibited message type in a named ACL, enter
commands such as the following.
BigIron RX(config)# ip access-list extended entry
BigIron RX(config-ext-nacl)# deny ICMP any any administratively-prohibited
or
BigIron RX(config)# ip access-list extended entry
BigIron RX(config-ext-nacl)#deny ICMP any any 3 13
Syntax: [no]ip access-list extended <acl-name>
The extended parameter indicates the ACL entry is an extended ACL.
The <acl-name> | <acl-num> parameter allows you to specify an ACL name or number. If using a
name, specify a string of up to 255 alphanumeric characters. You can use blanks in the ACL name
if you enclose the name in quotation marks (for example, "ACL for Net1"). The <acl-num>
parameter allows you to specify an ACL number if you prefer. If you specify a number, enter a
number from 100 – 199 for extended ACLs.
The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.
You can either use the <icmp-type> and enter the name of the message type or use the
<type-number> <code-number> parameter to enter the type number and code number of the
message. Refer to
TABLE 101
ICMP message type
administratively-prohibited
any-icmp-type
destination-host-prohibited
destination-host-unknown
NOTE: destination-net-prohibited
destination-network-unknown
echo
echo-reply
general-parameter-problem
NOTE: This message type indicates that required
host-precedence-violation
host-redirect
host-tos-redirect
host-tos-unreachable
host-unreachable
information-request
562
deny | permit host icmp any any [log] <icmp-type> | <type-number> <code-number>
Table 101 on page 562 for valid values.
ICMP message types and codes
option is missing.
Type Code
3 13
x x
3 10
3 7
3 9
3 6
8 0
0 0
12 1
3 14
5 1
5 3
3 12
3 1
15 0
BigIron RX Series Configuration Guide
53-1001986-01