Specifications

Enterasys Wireless Controller Software CLI Reference Guide 18-11
Usage
If the specified rule position already contains a filter rule, the config command overwrites the existing rule. Use the create command to insert or append a rule at the specified position.
If advanced filter mode has been enabled with the enableadvancefiltering command (page 203), the Advanced mode syntax is presented. If advanced filter mode is not enabled, the Basic mode syntax is presented.
Examples
The following example overwrites a preexisting filter rule 1 with a rule that allows ICMP traffic types 9 through 31 in both directions for the associated topology's:
EWC.enterasys.com:vnsmode:default-policy:acfilters# config 1 proto icmp interface-subnet type 9 31 in dst out src allow
EWC.enterasys.com:vnsmode:default-policy:acfilters# apply
EWC.enterasys.com:vnsmode:default-policy:acfilters# show
interfaceip
    Specifies that the IP address of the associated topology will be used for this filter rule.

port <port> [<port>]
    Specifies a TCP or UDP port or port range to which this filter rule will be applied. The first value specifies either the port or the start of a port range. The second value optionally specifies the end of a port range.
    This parameter is only valid when either TCP or UDP is the specified protocol. Valid port values are from 0-65535.

type <type> [<type>]
    Specifies an ICMP type or range of ICMP types. This parameter is only valid when ICMP is the specified protocol. Valid values are from 0-255.

Basic: in (none | dst)
Advanced: in (none | src | dst | both)
    Specifies the direction of packet flow. in specifies a packet flow from the AP to the AC (into the network).
    none specifies that the in direction does not apply to the filter rule.
    dst specifies that the IP address for this filter rule is the destination of the packet flow.
    src specifies that the IP address for this filter rule is the source of the packet flow.
    both specifies that the IP address for this filter rule can be either source or destination.

Basic: out (none | src)
Advanced: out (none | src | dst | both)
    Specifies the direction of packet flow. out specifies a packet flow from the AC to the AP (out of the network).
    none specifies that the out direction does not apply to the filter rule.
    dst specifies that the IP address for this filter rule is the destination of the packet flow.
    src specifies that the IP address for this filter rule is the source of the packet flow.
    both specifies that the IP address for this filter rule can be either source or destination.

allow | deny
    Specifies whether packets will be allowed or denied when meeting the criteria specified in the filter rule.
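
An offline lint for filter-rule arguments that enforces the constraints in the parameter descriptions above: port only with TCP or UDP and within 0-65535, ICMP type within 0-255, the direction keywords allowed in each mode, and a final allow or deny. This is an added example, not part of the Enterasys guide or the controller software. The name check_rule, the lowercase tcp and udp protocol keywords and the ascending-range check are assumptions, and address tokens such as interface-subnet are not validated.

```python
# Direction keywords accepted per filter mode, from the parameter table above.
DIRECTIONS = {
    "basic": {"in": {"none", "dst"}, "out": {"none", "src"}},
    "advanced": {"in": {"none", "src", "dst", "both"},
                 "out": {"none", "src", "dst", "both"}},
}

def _read_range(tokens, i, lo, hi, name, errors):
    """Consume one or two integers after tokens[i]; return the last index used."""
    vals = []
    while i + 1 < len(tokens) and len(vals) < 2 and tokens[i + 1].isdigit():
        i += 1
        vals.append(int(tokens[i]))
    if not vals:
        errors.append(f"{name}: missing value")
    elif any(not lo <= v <= hi for v in vals):
        errors.append(f"{name}: value outside {lo}-{hi}")
    elif len(vals) == 2 and vals[0] > vals[1]:  # assumption: ranges ascend
        errors.append(f"{name}: range start exceeds range end")
    return i

def check_rule(args, mode="basic"):
    """Return a list of problems in the arguments of one filter rule."""
    tokens, errors, proto, i = args.split(), [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "proto" and i + 1 < len(tokens):
            i += 1
            proto = tokens[i].lower()  # "tcp"/"udp" spellings are assumed
        elif tok == "port":
            if proto not in ("tcp", "udp"):
                errors.append("port: only valid with TCP or UDP")
            i = _read_range(tokens, i, 0, 65535, "port", errors)
        elif tok == "type":
            if proto != "icmp":
                errors.append("type: only valid with ICMP")
            i = _read_range(tokens, i, 0, 255, "type", errors)
        elif tok in ("in", "out"):
            val = tokens[i + 1] if i + 1 < len(tokens) else ""
            if val not in DIRECTIONS[mode][tok]:
                errors.append(f"{tok}: '{val}' not valid in {mode} mode")
            i += 1
        i += 1
    if not tokens or tokens[-1] not in ("allow", "deny"):
        errors.append("rule must end with allow or deny")
    return errors

if __name__ == "__main__":
    # The page's own example rule, checked in Basic mode.
    print(check_rule("1 proto icmp interface-subnet type 9 31 in dst out src allow"))
```

Running such a check over exported rule sets before applying them catches rules that the table above marks as invalid, such as a port argument on an ICMP rule or an Advanced-only direction used in Basic mode.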