Specifications
Table Of Contents
- Title Page
- Notice
- Contents
- acl Commands
- acl-edit Commands
- aging Commands
- arp Commands
- cli Commands
- configure Command
- copy Command
- dvmrp Commands
- enable Command
- erase Command
- exit Command
- file Commands
- filters Commands
- http Commands
- igmp Commands
- interface Commands
- ip Commands
- ip-router Commands
- Command Summary
- ip-router authentication add key-chain
- ip-router authentication create key-chain
- ip-router global add
- ip-router global set
- ip-router global set trace-options
- ip-router global set trace-state
- ip-router global use provided_config
- ip-router kernel trace
- ip-router policy add filter
- ip-router policy add optional-attributes-list
- ip-router policy aggr-gen destination
- ip-router policy create aggregate-export-source
- ip-router policy create aggr-gen-dest
- ip-router policy create aggr-gen-source
- ip-router policy create aspath-export-source
- ip-router policy create bgp-export-destination
- ip-router policy create bgp-export-source
- ip-router policy create bgp-import-source
- ip-router policy create direct-export-source
- ip-router policy create filter
- ip-router policy create optional-attributes-list
- ip-router policy create ospf-export-destination
- ip-router policy create ospf-export-source
- ip-router policy create ospf-import-source
- ip-router policy create rip-export-destination
- ip-router policy create rip-export-source
- ip-router policy create rip-import-source
- ip-router policy create static-export-source
- ip-router policy create tag-export-source
- ip-router policy export destination
- ip-router policy import source
- ip-router policy redistribute
- ip-router show configuration file
- ip-router show state
- ipx Commands
- l2-tables Commands
- logout Command
- multicast Commands
- mtrace Command
- negate Command
- no Command
- ospf Commands
- Command Summary
- ospf add interface
- ospf add nbma-neighbor
- ospf add network
- ospf add stub-host
- ospf add virtual-link
- ospf create area
- ospf create-monitor
- ospf monitor
- ospf set area
- ospf set ase-defaults
- ospf set export-interval
- ospf set export-limit
- ospf set interface
- ospf set monitor-auth-method
- ospf set trace-options
- ospf set virtual-link
- ospf show
- ospf start|stop
- ping Command
- port Commands
- qos Commands
- reboot Command
- rip Commands
- save Command
- show Command
- snmp Commands
- statistics Commands
- stp Commands
- system Commands
- Command Summary
- system image add
- system image choose
- system image delete
- system image list
- system promimage upgrade
- system set bootprom
- system set contact
- system set date
- system set dns
- system set location
- system set name
- system set password
- system set poweron-selftest
- system set syslog
- system set terminal
- system show
- traceroute Command
- vlan Commands
Chapter 1: acl Commands
1 - 20 SSR Command Line Interface Reference Manual
are already defined as keywords. For example, for Telnet, you
can enter the port number 23 as well as the keyword
telnet
.
<DstPort>
For TCP or UDP, the number of the destination TCP or UDP
port. This field applies only to incoming TCP or UDP traffic.
The same requirements and restrictions for
<SrcPort>
apply
to
<DstPort>
.
<tos>
IP TOS (Type of Service) value. You can specify a TOS from
0 – 15.
Restrictions
When you apply an ACL to an interface, the SSR appends an implicit deny rule to that
ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic that
doesn’t match your specified ACL rules to go through, you must explicitly define a rule
to permit all traffic.
Examples
Here are some examples of ACL commands for permitting and denying TCP traffic
flows.
ssr(config)# acl 100 permit tcp 10.21.33.0/255.255.255.0 any
Creates an ACL to permit TCP traffic from the subnet 10.21.33.0 (with a 24 bit
netmask) to any destination.
ssr(config)# acl noweb deny tcp any any http any
Creates an ACL to deny any incoming HTTP traffic.
ssr(config)# acl ftp100 permit tcp 10.31.34.0/24 10.31.60.0/24
20-21 any
Creates an ACL to permit FTP traffic (both command and data ports) from subnet
10.31.34.0 to 10.31.60.0.