User's Manual
Chapter 3 - Operation and Administration Using the CLI NPU Configuration
4Motion 185 System Manual
3.3.10.1.3.2 Configuring Permit/Deny Rules for TCP/UDP Traffic
After you have created an ACL, you can configure Permit/Deny rules for TCP and
UDP traffic from/to specific source and destination IP address and port.
This section describes the commands to be used for:
“Creating a Permit/Deny Rule for TCP/UDP Traffic (Extended Mode)” on page 185
“Deleting a Permit/Deny Rule for TCP/UDP Traffic (Extended Mode)” on page 191
3.3.10.1.3.2.1 Creating a Permit/Deny Rule for TCP/UDP Traffic (Extended Mode)
Run the following command to specify a Permit rule for TCP/UDP traffic from/to a specific source/destination IP address/port:
npu(config-ext-nacl)# permit tcp
    {any | host <src-ip-address> | <src-ip-address> <src-mask>}
    [{gt <port-number (1-65535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> | range <port-number (1-65535)> <port-number (1-65535)>}]
    {any | host <dest-ip-address> | <dest-ip-address> <dest-mask>}
    [{gt <port-number (1-65535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> | range <port-number (1-65535)> <port-number (1-65535)>}]
Parameter: { any | host <src-ip-address> | <src-ip-address> <mask> }
    Description: Indicates the source IP address/subnet for which the Permit/Deny rule is to be deleted.
    Presence: Mandatory
    Default Value: N/A
    Possible Values: For details, refer to Table 3-20
Parameter: { any | host <dest-ip-address> | <dest-ip-address> <mask> }
    Description: Indicates the destination IP address/subnet for which the Permit/Deny rule is to be deleted.
    Presence: Optional
    Default Value: any
    Possible Values: For details, refer to Table 3-20
Command Modes: Extended ACL configuration mode
IMPORTANT
You cannot configure Permit or Deny rules for an ACL that is associated with a QoS marking rule.
An ACL can be associated with either QoS marking rules or Permit/Deny rules, not both.
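The following is an added example, not code from the 4Motion manual or from the product: a small reference matcher for rules written in the permit/deny tcp/udp syntax above, so that a candidate rule set can be checked offline against sample flows before it is entered at the npu(config-ext-nacl)# prompt. The page does not define these details, so the example assumes that <mask> is a dotted subnet mask, that range is inclusive, that rules are evaluated in entry order with first match winning, and that traffic matching no rule is dropped (implicit deny). The sample rules and flows are constructed.

```python
# Added example (not from the 4Motion manual): reference matcher for extended
# ACL permit/deny rules in the syntax
#   {permit|deny} {tcp|udp} SRC [PORT-OP] DST [PORT-OP]
# Assumptions not stated on the page: <mask> is a dotted subnet mask, "range"
# is inclusive, first matching rule wins, and no match means implicit deny.
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_OPS = ("gt", "lt", "eq", "range")


@dataclass(frozen=True)
class Endpoint:
    network: ipaddress.IPv4Network  # 'any' -> 0.0.0.0/0, 'host A' -> A/32
    port_op: Optional[str] = None   # None means "any port"
    ports: Tuple[int, ...] = ()

    def matches(self, addr: str, port: int) -> bool:
        if ipaddress.IPv4Address(addr) not in self.network:
            return False
        if self.port_op is None:
            return True
        if self.port_op == "gt":
            return port > self.ports[0]
        if self.port_op == "lt":
            return port < self.ports[0]
        if self.port_op == "eq":
            return port == self.ports[0]
        lo, hi = self.ports             # "range", assumed inclusive
        return lo <= port <= hi


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    proto: str    # "tcp" or "udp"
    src: Endpoint
    dst: Endpoint


def _port(tok: str) -> int:
    p = int(tok)
    if not 1 <= p <= 65535:
        raise ValueError(f"port out of range (1-65535): {tok}")
    return p


def _parse_endpoint(toks: List[str], i: int) -> Tuple[Endpoint, int]:
    """Parse {any | host A | A MASK} [{gt|lt|eq P | range P1 P2}] at toks[i]."""
    if toks[i] == "any":
        net, i = ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    elif toks[i] == "host":
        net, i = ipaddress.IPv4Network(f"{toks[i + 1]}/32"), i + 2
    else:  # address followed by dotted mask (assumed subnet mask)
        net, i = ipaddress.IPv4Network((toks[i], toks[i + 1]), strict=False), i + 2
    op, ports = None, ()
    if i < len(toks) and toks[i] in PORT_OPS:
        op = toks[i]
        n = 2 if op == "range" else 1
        ports = tuple(_port(t) for t in toks[i + 1:i + 1 + n])
        if len(ports) != n:
            raise ValueError(f"'{op}' needs {n} port argument(s)")
        if op == "range" and ports[0] > ports[1]:
            raise ValueError("range low port exceeds high port")
        i += 1 + n
    return Endpoint(net, op, ports), i


def parse_rule(line: str) -> Rule:
    toks = line.split()
    if len(toks) < 4 or toks[0] not in ("permit", "deny") or toks[1] not in ("tcp", "udp"):
        raise ValueError(f"not a permit/deny tcp/udp rule: {line!r}")
    src, i = _parse_endpoint(toks, 2)
    dst, i = _parse_endpoint(toks, i)
    if i != len(toks):
        raise ValueError(f"unexpected trailing tokens: {toks[i:]}")
    return Rule(toks[0], toks[1], src, dst)


def is_valid_rule(line: str) -> bool:
    """True if the line parses under the syntax above (ports 1-65535 etc.)."""
    try:
        parse_rule(line)
        return True
    except (ValueError, IndexError):
        return False


def evaluate(rules: List[Rule], proto: str, src: str, sport: int,
             dst: str, dport: int, default: str = "deny") -> str:
    """Action of the first matching rule; 'default' (implicit deny) otherwise."""
    for r in rules:
        if r.proto == proto and r.src.matches(src, sport) and r.dst.matches(dst, dport):
            return r.action
    return default


# Constructed sample rule set, in the order it would be entered under
# npu(config-ext-nacl)#; not a configuration taken from the manual.
SAMPLE_RULES = [parse_rule(r) for r in (
    "permit tcp any host 10.0.0.5 eq 443",
    "deny tcp 192.168.1.0 255.255.255.0 any lt 1024",
    "permit tcp 192.168.1.0 255.255.255.0 any range 8000 8080",
    "permit udp any eq 53 any",
)]

if __name__ == "__main__":
    for pkt in (("tcp", "192.168.1.7", 40000, "10.0.0.5", 443),
                ("tcp", "192.168.1.7", 40000, "10.0.0.9", 22),
                ("tcp", "192.168.1.7", 40000, "10.0.0.9", 9000)):
        print(pkt, "->", evaluate(SAMPLE_RULES, *pkt))
```

Because the destination endpoint and both port qualifiers are optional, a rule such as "permit udp any eq 53 any" binds the port operator to the source; walking a rule set through evaluate() with a handful of representative flows is a quick way to confirm that each qualifier landed on the side you intended before the ACL is applied.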