Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

341

342

343

344

345

346

347

348

349

350

18-18 VNS Commands (vnsmode)

Usage

Ifthespecifiedrulepositionalreadycontainsafilterrule,specifyingaruleusingthiscommand

insertsaruleinthecurrentlyexistingrulespositionandresequencesallotherrulesbelowthisrule

byoneposition.Usethecreatecommandtoinsertorappendaruleatthespecifiedposition.

If

advancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxispresented.Ifadvancedfiltermodeisnotenabled,theBasicmode

syntaxispresented.

Examples

Thefollowingexamplecreatesafilter rule1thatallowsUDPtrafficinbothdirectionsfrom

subnet10.10.10.0/24forports10through2000:

EWC.enterasys.com:vnsmode:default-policy:apfilters# create 1 proto udp

10.10.10.0/24 port 10 2000 in dst out src allow

EWC.enterasys.com:vnsmode:default-policy:apfilters# show

Custom AP Filters: enable

filter 1 proto udp 10.10.10.0 255.255.255.0 port 10 2000 in dst out src allow

filter 2 (default) proto none 0.0.0.0 all_ports in dst out src deny

EWC.enterasys.com:vnsmode:default-policy:apfilters#

Thefollowingexamplecreatesafilterrule1thatisinsertedintotherulelistatposition1becausea

rulealreadyexistsforrule1.This filterruleallowsICMPtypes9through31trafficinboth

directionsfromIPaddress20.20.0.0/16:

EWC.enterasys.com:vnsmode:default-policy:apfilters# create 1 proto icmp

20.20.0.0/16 type 9 31 in dst out src allow

EWC.enterasys.com:vnsmode:default-policy:apfilters# show

Custom AP Filters: enable

filter 1 proto icmp 20.20.0.0 255.255.0.0 type 9 31 in dst out src allow

filter 2 proto udp 10.10.10.0 255.255.255.0 port 10 2000 in dst out src allow

filter 3 (default) proto none 0.0.0.0 all_ports both deny

EWC.enterasys.com:vnsmode:default-policy:apfilters#

Basic:out(none|src)

Advanced:

out

(none|src|dst|both)

Specifiesthedirectionofpacketflow.—outspecifiesapacketflow

fromtheACtotheAP(outofnetwork).

nonespecifiesthattheoutdirectiondoesnotapplytothefilterrule.

dstspecifiesthatthe IPaddressforthisfilterruleisthedestination

of

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeithersource

ordestination.

allow|deny Specifieswhetherpacketswillbeallowedordeniedwhenmeetingthe

criteriaspecifiedinthefilterrule.