Chapter 1: acl Commands
SSR Command Line Interface Reference Manual
check the port value. The SSR checks only the source and destination IP addresses in the packet.
You can specify a range of port numbers using operator symbols; for example, 10-20 (between 10 and 20 inclusive), >1024 (greater than 1024), <1024 (less than 1024), !=1024 (not equal to 1024). The port numbers of some popular services are already defined as keywords. For example, for Telnet, you can enter the port number 23 as well as the keyword telnet.
<DstPort>
For TCP or UDP, the number of the destination TCP or UDP port. This field applies only to incoming TCP or UDP traffic. The same requirements and restrictions for <SrcPort> apply to <DstPort>.
<tos>
IP TOS (Type of Service) value. You can specify a TOS from 0 – 15.
Restrictions
When you apply an ACL to an interface, the SSR appends an implicit deny rule to that
ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic that
doesn’t match your specified ACL rules to go through, you must explicitly define a rule
to permit all traffic.
Examples
Here are some examples of ACL commands for permitting and denying IP traffic flows.

ssr(config)# acl 100 permit ip 10.1.0.0/16 any
Creates an ACL to permit IP traffic from the subnet 10.1.0.0 (with a 16-bit netmask) to any destination.

ssr(config)# acl 120 deny ip any any 1-1024 any
Creates an ACL to deny any incoming TCP or UDP traffic coming from a privileged port (less than 1024). If the incoming traffic is not TCP or UDP, then the SSR checks only the source and destination addresses, not the port number. Therefore, this ACL will deny all non-TCP and non-UDP traffic.

ssr(config)# acl 130 permit ip 10.23.4.8 10.2.3.0/24
Creates an ACL to permit Telnet traffic (port 23) from the host 10.23.4.8 to the subnet 10.2.3.0.
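
The following Python sketch is an added example, not part of the SSR manual or the SSR's own code. It models the port operators, the address-only matching of non-TCP/UDP packets and the implicit deny rule described above, using ACLs 100 and 120 from the examples. First-match rule ordering, the tuple layout, the helper names and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Only the telnet keyword appears on the page; other keywords are not modelled.
KEYWORDS = {"telnet": 23}

def port_matches(spec, port):
    """Match a port against the manual's operators: N, A-B, >N, <N, !=N, any."""
    spec = str(KEYWORDS.get(spec, spec))
    if spec == "any":
        return True
    if spec.startswith("!="):
        return port != int(spec[2:])
    if spec.startswith(">"):
        return port > int(spec[1:])
    if spec.startswith("<"):
        return port < int(spec[1:])
    if "-" in spec:
        low, high = (int(x) for x in spec.split("-"))
        return low <= port <= high  # ranges are inclusive at both ends
    return port == int(spec)

def addr_matches(spec, addr):
    """Match an address against 'any', a host address, or a prefix such as 10.1.0.0/16."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, pkt):
    """rules: list of (action, src, dst, sport, dport); first match wins (assumed)."""
    for action, src, dst, sport, dport in rules:
        if not (addr_matches(src, pkt["src"]) and addr_matches(dst, pkt["dst"])):
            continue
        # Ports are compared only for TCP/UDP; other protocols match on addresses alone.
        if pkt["proto"] in ("tcp", "udp") and not (
            port_matches(sport, pkt["sport"]) and port_matches(dport, pkt["dport"])
        ):
            continue
        return action
    return "deny"  # implicit deny appended when the ACL is applied to an interface

# ACLs 100 and 120 from the page, written as tuples (layout is an assumption).
ACL_100 = [("permit", "10.1.0.0/16", "any", "any", "any")]
ACL_120 = [("deny", "any", "any", "1-1024", "any")]
# ACL 120 followed by the explicit permit-all that the Restrictions section calls for.
ACL_120_OPEN = ACL_120 + [("permit", "any", "any", "any", "any")]

def pkt(proto, src, dst, sport=None, dport=None):
    """Build a constructed sample packet."""
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport}
```

Evaluating ACL_120 alone against a TCP packet from source port 4000 returns deny through the implicit rule, while ACL_120_OPEN permits it; an ICMP packet is denied by both because the deny rule matches on addresses alone.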