Specifications

ManualsBrandsEnterasys ManualsComputer equipmentAPS-3000

451

452

453

454

455

456

457

458

459

460

Enterasys Wireless Controller Software CLI Reference Guide 20-21

Usage

Ifthespecifiedrulepositionalreadycontainsacustomfilter,thiscommandoverwritesthe

existingrule.Usethecreatecommandtoinsertorappendaruleatthespecifiedposition.

Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),

theAdvancedmodesyntaxis

presented.Ifadvancedfiltermodeisnotenabled,theBasicmode

syntaxispresented.

Examples

Thefollowingexampleoverwritesapre‐existingcustomfilter2witharulethatallowsTCPtraffic

bothdirectionsfromIPaddress50.20.0.0/16:

EWC.enterasys.com:vnsmode:default-policy:apfilters# config 2 proto tcp 50.20.0.0/

16 in dst out src allow

<ipaddress/mask> SpecifiesanIPaddressandmaskforthisfilter.

interface‐subnet SpecifiestheIPaddressandmaskconfiguredfortheassociated

topology.

interface‐ip SpecifiestheIPaddressoftheassociatedtopology

port<port>

[<port>]

SpecifiesaTCPorUDPportorportrangetowhichthiscustomfilter

willbeapplied.Thefirstvalue

specifieseithertheportorthestartofa

portrange.Thesecondvalueoptionallyspecifiestheendofarange.

ThisparameterisonlyvalidwheneitherTCPorUDPisthespecified

protocol.ValidPortvaluesarefrom0‐65535.

type<type>[<type>] SpecifiesanICMPtypeorrangeof

ICMPtypes.Thisparameterisonly

validwhenICMPisthespecifiedprotocol.Validvaluesarefrom0‐

255.

Basic:in(none|dst)

Advanced:

in(none|src|dst|both)

Specifiesthedirectionofpacketflow.—inspecif iesapacketflowfrom

theAPtotheAC.

nonespecifiesthattheindirectiondoesnotapply

tothefilterrule.

dstspecifiesthattheIPaddressforthisfilterruleisthedestinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeither

source

ordestination.

Basic:out(none|src)

Advanced:

out

(none|src|dst|both)

Specifiesthedirectionofpacketflow.—outspecifiesapacketflow

fromtheACtotheAP.

nonespecifiesthattheoutdirectiondoesnotapplytothefilterrule.

dstspecifiesthatthe IPaddressforthisfilterruleisthe

destinationof

thepacketflow.

srcspecifiesthattheIPaddressforthisfilterruleisthesourceofthe

packetflow.

bothspecifiesthattheIP addressforthisfilterrulecanbeeithersource

ordestination.

allow|deny Specifieswhetherpacketswillbeallowedordeniedwhenmeetingthe



criteriaspecifiedinthecustomfilter.