Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

441

442

443

444

445

446

447

448

449

450

Enterasys Wireless Controller Software CLI Reference Guide 20-11

filter 1 proto tcp 192.168.0.0 255.255.0.0 port 10 2000 in dst out src allow

filter 2 proto udp 192.168.10.0 255.255.255.0 port 10 2000 in dst out src allow

filter 3 (default) proto none 0.0.0.0 all_ports in dst out none allow

filter 4 (default) proto none 0.0.0.0 all_ports in none out src allow

20.5.5.2 config

UsetheconfigcommandtomodifyanexistingACfilterruleforthis<named‐policy>.Theconfig

commandisaccessiblefromwithinthepolicy:<named‐policy>:acfilterscontext.

Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxispresented.Ifadvancedfilter

modeisnotenabled,theBasicmode

syntaxispresented.

Syntax

Basic mode syntax:

config <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)

[(port <port> [<port>]) | (type <type> [<type>])] in (none|dst) out (none|src)

(allow|deny)

Advanced mode syntax:

config <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)

[(port <port> [<port>]) | (type <type> [<type>])] in (none|src|dst|both) out

(none|src|dst|both) (allow|deny)

Parameters

<pos> Specifiesapositionvalueforthisfilterinthefilterlist.Validvaluesare

from0‐255.

proto<protocol> Specifiestheprotocolforthisfilterrulebynumberorname.Valid

numbervaluesarefrom0‐255.Validnamevaluesare:

• udp - UDP protocol

• tcp - TCP protocol

• ah - Authentication Header protocol

• esp - Encapsulating Security Payload protocol

• all - All protocols

• icmp - ICMP protocol

• gre - Generic Route Encapsulation protocol

<ipaddress/mask> SpecifiesanIPaddressandmaskforthisfilter.

interface‐subnet SpecifiesthattheIPaddressandmaskconfiguredfortheassociated

topologywillbeusedforthisfilterrule.

interface‐ip SpecifiestheIPaddressoftheassociatedtopologywillbeusedforthis

filterrule.

port<port>

[<port>]

SpecifiesaTCPorUDP

portorportrangetowhichthisfilterrulewill

beapplied.Thefirstvaluespecifieseithertheportorthestartofaport

range.Thesecondvalueoptionallyspecif iestheendofaportrange.

Thisparameterisonly validwheneitherTCPorUDPisthespecified

protocol.Validportvaluesarefrom0‐65535.