441 | ip access-list session Dell Networking W-Series ArubaOS 6.4.x| Reference Guide
Parameter Description
<action>: Action if rule is applied, which can be one of the following:
- deny: Reject packets. Applicable to both IPv4 and IPv6.
- dst-nat: Performs destination NAT on packets. Forward packets from source network to destination; re-mark them with destination IP of the target network. This action functions in tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller.
- dual-nat: Performs both source and destination NAT on packets. Source IP and destination IP are changed as per the NAT pool configured. This action functions in tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller.
- permit: Forward packets. Applicable to both IPv4 and IPv6.
- redirect: Specify the location to which packets are redirected. The following are applicable only to IPv4:
  - Datapath destination ID (0-65535).
  - esi-group: Specify the ESI server group configured with the esi group command.
  - tunnel: Specify the ID of the tunnel configured with the interface tunnel command.
- webcc-reputation: Assign one of the predefined web content reputation levels to the packets.
The following are applicable only to IPv6:
  - tunnel: Specify the ID of the tunnel configured with the interface tunnel command.
  - tunnel-group: Specify the tunnel-group configured with the interface tunnel command.
- route: Specify the next hop to which packets are routed, which can be one of the following:
  - dst-nat: Destination IP changes to the IP configured from the NAT pool. This action functions in bridge/split-tunnel forwarding mode. User should configure the NAT pool in the controller.
  - src-nat: Source IP changes to RAP's external IP. This action functions in bridge/split-tunnel forwarding mode and uses implied NAT pool.
- src-nat: Performs source NAT on packets. Source IP changes to the outgoing interface IP address (implied NAT pool) or from the pool configured (manual NAT pool). This action functions in tunnel/decrypt-tunnel forwarding mode.

<extended action>: Optional action if rule is applied, which can be one of the following:
- blacklist: blacklist user if ACL gets applied.
- classify-media: Monitors user UDP packets to classify them as media and tag accordingly.
  NOTE: Use this parameter only for voice and video signaling and control sessions as it causes deep packet inspection of all UDP packets from/to users.
- disable-scanning: pause ARM scanning while traffic is present. Note that you must enable "VoIP Aware Scanning" in the ARM profile for this feature to work.
- dot1p-priority: specify 802.1p priority (0-7)
- log: generate a log message
- mirror: mirror all session packets to datapath or remote destination.
  If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall policy. For more information, see firewall on page 337.
- next-hop-list: Route packet to the next hop in the list.
- position: specify the position of the rule (1 is first, default is last)
- queue: assign flow to priority queue (high/low)
- send-deny-response: if <action> is deny, send an ICMP notification to the source
- time-range: specify time range for this rule (configured with time-range command)
- tos: specify ToS value (0-63)

no: Negates any configured parameter.
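
The value ranges and dependencies in the table above can be checked before a rule is pushed to a controller. The following is an added example, not part of the Reference Guide or of ArubaOS: a small Python lint for the `<action> [<extended action> ...]` portion of a rule. The function name `lint_rule_tail`, the whitespace-separated token layout and the sample rule tails are assumptions made for illustration.

```python
# Added example: lint the "<action> [<extended action> ...]" tail of a rule
# against the table above. The token layout is an assumption, not ArubaOS's parser.
ACTIONS = {"deny", "dst-nat", "dual-nat", "permit", "redirect", "route", "src-nat"}
# Extended actions that take one value, with the range the table gives.
VALUED = {
    "dot1p-priority": lambda v: v.isdigit() and 0 <= int(v) <= 7,
    "tos": lambda v: v.isdigit() and 0 <= int(v) <= 63,
    "position": lambda v: v.isdigit() and int(v) >= 1,
    "queue": lambda v: v in ("high", "low"),
    "time-range": bool,       # name of a configured time range
    "next-hop-list": bool,    # name of a next-hop list
}
# Flags whose table entry carries a dependency worth a reviewer's attention.
REVIEW = {
    "classify-media": "deep packet inspection of all UDP packets; voice/video signaling only",
    "disable-scanning": "requires VoIP Aware Scanning in the ARM profile",
    "mirror": "mirror destination must be defined in the firewall policy",
}
FLAGS = {"blacklist", "log", "send-deny-response"} | set(REVIEW)

def lint_rule_tail(tail):
    """Return findings for one '<action> [<extended action> ...]' string."""
    tokens = tail.split()
    if not tokens or tokens[0] not in ACTIONS:
        return ["unknown or missing <action>"]
    action, i, findings = tokens[0], 1, []
    # Skip the action's own arguments, e.g. 'route src-nat' or 'redirect tunnel 5'.
    while i < len(tokens) and tokens[i] not in VALUED and tokens[i] not in FLAGS:
        i += 1
    while i < len(tokens):
        kw = tokens[i]
        if kw in VALUED:
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if not VALUED[kw](value):
                findings.append(f"{kw}: invalid or missing value '{value}'")
            i += 2
            continue
        if kw == "send-deny-response" and action != "deny":
            findings.append("send-deny-response: only applies when <action> is deny")
        elif kw in REVIEW:
            findings.append(f"{kw}: {REVIEW[kw]}")
        elif kw not in FLAGS:
            findings.append(f"unknown extended action '{kw}'")
        i += 1
    return findings

if __name__ == "__main__":
    for rule in ("deny log send-deny-response", "permit tos 64 send-deny-response"):
        print(rule, "->", lint_rule_tail(rule))  # constructed sample tails
```

An empty list means the tail is consistent with the table; the `classify-media`, `disable-scanning` and `mirror` findings are review reminders rather than errors.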










