Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

451

452

453

454

455

456

457

458

459

460

Enterasys Wireless Controller Software CLI Reference Guide 20-19

Usage

Ifthespecifiedrulepositionalreadycontainsa customfilter,specifyingaruleusingthiscommand

insertsaruleinthecurrentlyexistingrulespositionandmovesallotherrulesbyoneposition.Use

thecreatecommandtoinsertorappendaruleatthespecifiedposition.

Ifadvancedfiltermode

hasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxispresented.Ifadvancedfiltermodeisnotenabled,theBasicmode

syntaxispresented.

Examples

Thefollowingexamplecreatesacustomfilter1thatallowsUDPtrafficinbothdirectionsfromIP

address10.10.10.0/24forports10 through2000:

EWC.enterasys.com:policy:p1:apfilters# create 1 proto udp 10.10.10.0/24 port 20

2000 in dst out src allow

EWC.enterasys.com:policy:p1:apfilters# apply

EWC.enterasys.com:policy:p1:apfilters# show

Custom AP Filters: enable

port<port>

[<port>]

SpecifiesaTCPorUDPportorportrangetowhichthiscustomfilter

willbeapplied.Thefirstvaluespecifieseithertheportorthestartofa

portrange.Thesecondvalueoptionallyspecifiestheendofarange.

Thisparameterisonlyvalidwheneither

TCPorUDPisthespecified

protocol.Validportvaluesarefrom0‐65535.

type<type>[<type>] SpecifiesanICMPtypeorrangeofICMPtypes.Thisparameterisonly

validwhenICMPisthespecifiedprotocol.Validvaluesarefrom0‐

255.

Basic:in(none|dst)

Advanced:

in(none|src|dst|both)

Specifiesthedirectionofpacket

flow.—inspecifiesapacketflowfrom

theAPtotheAC.

nonespecifiesthattheindirectiondoesnotapplytothefilterrule.

dstspecifiesthattheIPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthis

filterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeithersource

ordestination.

Basic:out(none|src)

Advanced:

out

(none|src|dst|both)

Specifiesthedirectionofpacketflow.—outspecifiesapacketflow

fromtheACtotheAP.

nonespecifiesthat

theoutdirectiondoesnotapplytothefilterrule.

dstspecifiesthatthe IPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressfor

thisfilterrulecanbeeithersource

ordestination.

allow|deny Specifieswhetherpacketswillbeallowedordeniedwhenmeetingthe

criteriaspecifiedinthecustomfilter.