Avaya G250 Administration page 65

4. Define the packet criteria to which the ACL rule should apply. See
page 540. For example, you can use destination-ip to specify that the rule applies to
packets with a specific destination address and you can use ip-protocol to specify that
the rule applies to packets with a specific protocol:
G350-001(super-ACL 301/ip rule 1)# destination-ip 255.255.255.255 0.0.0.0
Done!
G350-001(super-ACL 301/ip rule 1)# ip-protocol icmp
Done!
5. Use the composite-operation command to associate the ACL rule with the predefined
operation "deny-notify," which tells the gateway to drop any packet received that matches
the ACL rule, and send a trap upon dropping the packet. For example:
G350-001(super-ACL 301/ip rule 1)# composite-operation Deny-Notify
Done!
6. Exit the ACL rule. For example:
G350-001(super-ACL 301/ip rule 1)# exit
7. Exit the ACL. For example:
G350-001(super-ACL 301)# exit
8. Enter the configuration mode of the interface on which you want to activate the ACL.
Activate the configured ACL for incoming packets on the desired interface. For example:
G350-001(super)# interface Vlan 203
9. Activate the configured ACL for incoming packets on the desired interface. For example:
G350-001(super-if:Vlan 203)# ip access-group 301 in
Done!
Special security features
Rule criteria on
Issue 3 February 2007 65