User's Manual
Chapter 3 - Operation and Administration Using the CLI NPU Configuration
4Motion 182 System Manual
In the above commands, it is mandatory to specify the protocol and source IP
address for which the Permit/Deny rule is to be created. If you do not specify the
destination IP address/subnet mask, by default, traffic to all destination IP
addresses is permitted/denied.
The following table lists the parameters and their descriptions in these
commands:
Table 3-20: Parameters for Configuring Permit/Deny Rules for Traffic from/to Specific IP Addresses
Parameter Description Example
Protocol ip Indicates that the Permit/Deny
rule to be created is to be
applied for the IP-in-IP packets.
npu(config-ext-nacl)#
permit ip any
ospf Indicates that the Permit/Deny
rule to be created is to be
applied to OSPF packets.
npu(config-ext-nacl)#
permit ospf any
pim Indicates that the Permit/Deny
rule to be created is to be
applied to the PIM packets.
npu(config-ext-nacl)#
permit pim any
<protocol-
type
(1-255)>
Indicates that the Permit/Deny
rule to be created is to be
applied to traffic from/to any
protocol (including IP, OSPF,
PIM). Use standard IANA values
to specify the values of these
protocols
npu(config-ext-nacl)#
permit 11 any
Source IP
address
any Indicates that incoming traffic
from any source IP address is
permitted or denied.
npu(config-std-nacl)#
permit ip any
npu(config-std-nacl)# deny
ip any
host
<src-ip-ad
dress>
Indicates that incoming traffic
from a specific source IP
address is permitted or denied.
npu(config-std-nacl)#
permit ip host 1.1.1.1
npu(config-std-nacl)# deny
ip host 1.1.1.1
<network-s
rc-ip>
<mask>
Indicates that incoming traffic is
to be permitted or denied for a
particular source IP address and
subnet mask.
npu(config-std-nacl)#
permit ip 1.1.1.0
255.255.255.0
npu(config-std-nacl)# deny
ip 1.1.1.0 255.255.255.0