Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

331

332

333

334

335

336

337

338

339

340

Enterasys Wireless Controller Software CLI Reference Guide 18-9

Usage

Ifthespecifiedrulepositionalreadycontainsafilterrule,thiscommandinsertsaruleinthe

specifiedpositioninthelistandresequencesallotherrulesbelowthisrulebyoneposition.Use

thecreatecommandtoinsertorappendaruleatthespecifiedlistposition.

Ifadvancedfilter

modehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxispresented.Ifadvancedfiltermodeisnotenabled,theBasicmode

syntaxispresented.

Examples

Thefollowingexamplecreatesafilter rule1thatallowsUDPtrafficinbothdirectionsfromthe

associatedtopology’sinterface‐subnetforports10throu gh2000:

EWC.enterasys.com:vnsmode:default-policy:acfilters# create 1 proto udp interface-

subnet port 10 2000 in dst out src allow

EWC.enterasys.com:vnsmode:default-policy:acfilters# apply

EWC.enterasys.com:vnsmode:default-policy:acfilters# show

Enable AP filtering: disable

filter 1 proto udp interface-subnet port 10 2000 in dst out src allow

filter 2 (default) proto none 0.0.0.0 all_ports in dst out src deny

EWC.enterasys.com:vnsmode:default-policy:acfilters#

type<type>[<type>] SpecifiesanICMPtypeorrangeofICMPtypes.Thisparameterisonly

validwhenICMPisthespecifiedprotocol.Validvaluesarefrom0‐

255.

Basic:in(none|dst)

Advanced:

in(none|src|dst|both)

Specifiesthedirectionofpacketflow.—inspecif iesapacketflowfrom

theAPtotheAC

(intonetwork).

nonespecifiesthattheindirectiondoesnotapplytothefilterrule.

dstspecifiesthattheIPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifies

thattheIPaddressforthisfilterrulecanbeeithersource

ordestination.

Basic:out(none|src)

Advanced:

out

(none|src|dst|both)

Specifiesthedirectionofpacketflow.—outspecifiesapacketflow

fromtheACtotheAP(outofnetwork).

nonespecifiesthattheoutdirectiondoesnotapplytothe

filterrule.

dstspecifiesthatthe IPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeithersource

or

destination.

allow|deny Specifieswhetherpacketswillbeallowedordeniedwhenmeetingthe

criteriaspecifiedinthefilterrule.