Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

341

342

343

344

345

346

347

348

349

350

18-16 VNS Commands (vnsmode)

Usage

EnablingAPcustomfiltersallowsyoutoaccessthevnsmode:default‐policy:apfilterscontextby

executingtheapfilterscommand.Thevnsmode:default‐policy:apfilterscontextallowsyouto

configureadditionalfiltersfortheAPs.

FilteringontheAPmustbeenabledusingtheulfilterapenablecommandfortheapcustom

commandtobevisiblein

theCLI.Theapcustomenablecommandmakestheapfilterscommand

visible.

Examples

ThefollowingexampleenablesAPcustomfilters:

EWC.enterasys.com:vnsmode:default-policy# ulfilterap enable

EWC.enterasys.com:vnsmode:default-policy# apcustom enable

EWC.enterasys.com:vnsmode:default-policy# apfilters

EWC.enterasys.com:vnsmode:default-policy:apfilters#

18.4.9 apfilters

Usetheapfilterscommandtoenterthevnsmode:default‐policy:apfilterscontextforthe

configuringofAPcustomfilters.APcustomfiltersareappliedattheAP.Default‐policyAP

customfiltersareappliedwhennoAPcustomfiltersareconfiguredforpolicyappliedattheAP.

Theapfilterscommandisaccessiblefrom

thevnsmode:default‐policycontext.

ThiscommandisnotvisibleintheCLIifyouexecutetheapcustomdisablecommand.

Thefollowingcommandsareavailableinthevnsmode:default‐policy:apfilterscontext:

• create

• config

• delete

• move

18.4.9.1 create

Usethecreatecommandtocreate,insert,orappendanewAPfilterruleforthisdefault‐policy.

Thecreatecommandisaccessiblefromthevnsmode:default‐policy:apfilterscontext.

Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxispresented.If

advancedfiltermodeisnotenabled,theBasicmode

syntaxispresented.

Syntax

Basic mode syntax:

create <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)

[(port <port> [<port>]) | (type <type> [<type>])] in (none|dst) out (none|src)

(allow | deny)

Note: The apfilter command has been replaced by the apfilters command. apfilter is deprecated.