Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

441

442

443

444

445

446

447

448

449

450

20-12 policy Commands

Usage

Ifthespecifiedrulepositionalreadycontainsafilterrule,theconfigcommandoverwritesthe

existingrule.Usethecreatecommandtoinsertorappendaruleatthespecifiedposition.

Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntax

ispresented.Ifadvancedfiltermodeisnotenabled,theBasicmode

syntaxispresented.

Examples

Thefollowingexampleoverwritesapre‐existingfilterrule1witharulethatallowsICMPtraffic

types9through31inbothdirectionsfortheassociatedtopology’sinterfacesubnetandmask:

EWC.enterasys.com:policy:p1:acfilters# config 1 proto icmp interface-subnet type

9 31 in dst out src allow

EWC.enterasys.com:policy:p1:acfilters# apply

EWC.enterasys.com:policy:p1:acfilters# show

Enable AP filtering: disable

filter 1 proto icmp interface-subnet type 9 31 in dst out src allow

filter 2 proto udp 192.168.10.0 255.255.255.0 port 10 2000 in dst out src allow

filter 3 (default) proto none 0.0.0.0 all_ports in dst out none allow

filter 4 (default) proto none 0.0.0.0 all_ports in none out src allow

type<type>[<type>] SpecifiesanICMPtypeorrangeofICMPtypes.Thisparameterisonly

validwhenICMPisthespecifiedprotocol.Validvaluesarefrom0‐

255.

Basic:in(none|dst)

Advanced:

in(none|src|dst|both)

Specifiesthedirectionofpacketflow.—inspecifiesapacketflowfrom

theAPtotheAC.

nonespecifiesthattheindirectiondoesnotapplytothefilterrule.

dstspecifiesthattheIPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthe sourceofthe

packetflow.

bothspecifiesthatthe

IPaddressforthisfilterrulecanbeeithersource

ordestination.

Basic:out(none|src)

Advanced:

out(none|src|dst|both)

Specifiesthedirectionofpacketflow.—outspecifiesapacketflow

fromtheACtotheAP.

nonespecifiesthattheoutdirectiondoesnotapplytothefilterrule.

dstspecifiesthatthe

IPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthe sourceofthe

packetflow.

bothspecifiesthattheIPaddressforthisfilterrulecanbeeithersource

ordestination.

allow|deny Specifieswhether

packetswillbeallowedordeniedwhenmeetingthe

criteriaspecifiedinthefilterrule.