Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

341

342

343

344

345

346

347

348

349

350

18-20 VNS Commands (vnsmode)

Usage

Ifthespecifiedrulepositionalreadycontainsafilterrule,thiscommandoverwritestheexisting

rule.Usethecreatecommandtoinsertorappendaruleatthespecif iedposition.

Examples

Thefollowingexampleoverwritesapre‐existingfilterrule1witharulethatallowsICMPtraffic

types9through31inbothdirectionsfortheassociatedtopology’s:

EWC.enterasys.com:vnsmode:default-policy:apfilters# config 1 proto icmp

interface-subnet type 9 31 both allow

EWC.enterasys.com:vnsmode:default-policy:apfilters# apply

EWC.enterasys.com:vnsmode:default-policy:apfilters# show

Custom AP Filters: enable

filter 1 proto icmp interface-subnet type 9 31 both allow

filter 2 proto udp 10.10.10.0 255.255.255.0 port 20 2000 both allow

filter 3 (default) proto none 0.0.0.0 all_ports both deny

EWC.enterasys.com:vnsmode:default-policy:apfilters#

18.4.9.3 delete

UsethedeletecommandtoremoveafilterrulefromtheAPfilterlist.Thedeletecommandis

accessiblefromthevnsmode:default‐policy:apfilterscontext.

Syntax

delete <pos>

Basic:in(none|dst)

Advanced:

in(none|src|dst|both)

Specifiesthedirectionofpacketflow.—inspecif iesapacketflowfrom

theAPtotheAC(intothenetwork).

nonespecifiesthattheindirectiondoesnotapplytothefilterrule.

dstspecifiesthattheIPaddressforthisfilterruleisthe

destinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeithersource

ordestination.

Basic:out(none|src)

Advanced:

out

(none|src|dst|both)

Specifiesthedirectionofpacketflow.—out

specifiesapacketflow

fromtheACtotheAP(outofthenetwork).

nonespecifiesthattheoutdirectiondoesnotapplytothefilterrule.

dstspecifiesthatthe IPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressfor

thisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeithersource

ordestination.

allow|deny Specifieswhetherpacketswillbeallowedordeniedwhenmeetingthe

criteriaspecifiedinthefilterrule.