Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

451

452

453

454

455

456

457

458

459

460

20-20 policy Commands

filter 1 proto udp 10.10.10.0 255.255.255.0 port 20 2000 in dst out src allow

filter 2 (default) proto none 0.0.0.0 all_ports in dst out none allow

filter 3 (default) proto none 0.0.0.0 all_ports in none out src allow

Thefollowingexamplecreatesacustomfilter1thatisinsertedinto therulelistatposition1

becausearulealreadyexistsforrule1.ThiscustomfilterallowsICMPtypes9through31trafficin

bothdirectionsfromIPaddress20.20.10.0/24:

EWC.enterasys.com:policy:p1:apfilters# create 1 proto icmp 20.20.10.0/24 type 9

31 in dst out src allow

EWC.enterasys.com:policy:p1:apfilters# show

Custom AP Filters: enable

filter 1 proto icmp 20.20.10.0 255.255.255.0 type 9 31 in dst out src allow

filter 2 proto udp 10.10.10.0 255.255.255.0 port 10 2000 in dst out src allow

filter 3 (default) proto none 0.0.0.0 all_ports in dst out none allow

filter 4 (default) proto none 0.0.0.0 all_ports in none out src allow

20.5.11.2 config

UsetheconfigcommandtomodifyanexistingAPcustomfilterforthis<named‐policy>.The

configcommandisaccessiblefromthepolicy:<named‐policy>:apfilterscontext.

Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxispresented.Ifadvancedfiltermode

isnotenabled,theBasicmode

syntaxispresented.

Syntax

Basic mode syntax:

config <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)

[(port <port> [<port>]) | (type <type> [<type>])] in (none|dst) out (none|src)

(allow|deny)

Advanced mode syntax:

config <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)

[(port <port> [<port>]) | (type <type> [<type>])] in (none|src|dst|both) out

(none|src|dst|both) (allow|deny)

Parameters

<pos> Specifiesapositionvalueforthisfilterinthefilterlist.Validvaluesare

from0‐255.

proto<protocol> Specifiestheprotocolforthiscustomfilterbynumberorname.Valid

numbervaluesarefrom0‐255.Validnamevaluesare:

• udp - UDP protocol

• tcp - TCP protocol

• ah - Authentication Header protocol

• esp - Encapsulating Security Payload protocol

• all - All protocols

• icmp - ICMP protocol

• gre - Generic Route Encapsulation protocol