Specifications

Creating and Committing a Security ACL
15-8 Configuring and Managing Security ACLs
Setting a TCP ACL
The following command filters TCP packets:
set security acl ip acl-name {permit [cos cos] | deny} tcp {source-ip-addr mask
[operator port [port2]] destination-ip-addr mask [operator port [port2]]}
[precedence precedence] [tos tos] [established] [before editbuffer-index |
modify editbuffer-index] [hits]
Example
The following command permits packets sent from IP address 192.168.1.5 to 192.168.1.6 with the
TCP destination port equal to 524, a precedence of 7, and a type of service of 15, on an established
TCP session, and counts the number of hits generated by the ACE:
RBT-8100# set security acl ip acl-4 permit tcp 192.168.1.5 0.0.0.0 192.168.1.6
0.0.0.0 eq 524 precedence 7 tos 15 established hits
(For information about TOS and precedence levels, see the RoamAbout Mobility System Software
Command Line Interface Reference. For CoS details, see Class of Service on page 155.)
Setting a UDP ACL
The following command filters UDP packets:
set security acl ip acl-name {permit [cos cos] | deny} udp {source-ip-addr mask
[operator port [port2]] destination-ip-addr mask [operator port [port2]]}
[precedence precedence] [tos tos] [before editbuffer-index |
modify editbuffer-index] [hits]
Example
The following command permits UDP packets sent from IP address 192.168.1.7 to IP address
192.168.1.8, with any UDP destination port less than 65,535. It puts this ACE first in the ACL, and
counts the number of hits generated by the ACE.
RBT-8100# set security acl ip acl-5 permit udp 192.168.1.7 0.0.0.0 192.168.1.8
0.0.0.0 lt 65535 precedence 7 tos 15 before 1 hits
(For information about TOS and precedence levels, see the RoamAbout Mobility System Software
Command Line Interface Reference. For CoS details, see Class of Service on page 155.)
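
For reviewing what the two example ACEs above actually admit, the following added example (not part of the original manual and not the switch's own implementation) models ACE matching in Python and counts hits over constructed packets. It assumes wildcard-mask semantics (a 0 bit in the mask must match), models "established" as a TCP segment with ACK or RST set, and treats gt, neq and range as assumed operator names; only eq and lt appear on this page.

```python
import ipaddress

def ip_match(addr, base, wildcard):
    # Assumed wildcard-mask semantics: mask bits set to 0 must match exactly.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def port_match(port, op=None, p1=None, p2=None):
    # eq and lt appear on the page; gt, neq and range are assumed operator names.
    if op is None:
        return True
    return {"eq": port == p1, "lt": port < p1, "gt": port > p1, "neq": port != p1,
            "range": p2 is not None and p1 <= port <= p2}[op]

def ace_matches(ace, pkt):
    if ace["proto"] != pkt["proto"]:
        return False
    if not (ip_match(pkt["src"], *ace["src"]) and ip_match(pkt["dst"], *ace["dst"])):
        return False
    if not port_match(pkt["dport"], *ace.get("dport", ())):
        return False
    if any(k in ace and ace[k] != pkt.get(k) for k in ("precedence", "tos")):
        return False
    # Assumption: "established" is modelled as a TCP segment with ACK or RST set.
    if ace.get("established") and not pkt.get("flags", set()) & {"ACK", "RST"}:
        return False
    return True

def count_hits(ace, packets):
    # Mirrors what the hits keyword counts: packets that matched this ACE.
    return sum(ace_matches(ace, p) for p in packets)

# The two ACEs from the examples above, transcribed field by field.
ACL4 = dict(proto="tcp", src=("192.168.1.5", "0.0.0.0"), dst=("192.168.1.6", "0.0.0.0"),
            dport=("eq", 524), precedence=7, tos=15, established=True)
ACL5 = dict(proto="udp", src=("192.168.1.7", "0.0.0.0"), dst=("192.168.1.8", "0.0.0.0"),
            dport=("lt", 65535), precedence=7, tos=15)

# Constructed sample packets (not captured traffic).
BASE_TCP = dict(proto="tcp", src="192.168.1.5", dst="192.168.1.6", dport=524,
                precedence=7, tos=15, flags={"ACK"})
BASE_UDP = dict(proto="udp", src="192.168.1.7", dst="192.168.1.8", dport=53,
                precedence=7, tos=15)
TCP_PACKETS = [BASE_TCP, {**BASE_TCP, "flags": {"SYN"}}, {**BASE_TCP, "src": "192.168.1.9"},
               {**BASE_TCP, "tos": 0}]
UDP_PACKETS = [BASE_UDP, {**BASE_UDP, "dport": 65534}, {**BASE_UDP, "dport": 65535}]

if __name__ == "__main__":
    print("acl-4 hits:", count_hits(ACL4, TCP_PACKETS))
    print("acl-5 hits:", count_hits(ACL5, UDP_PACKETS))
```

In this model, "lt 65535" admits every UDP destination port except 65535 itself, so acl-5 restricts traffic by address pair, precedence and TOS rather than by port.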