Specifications
IP Access Lists (ACLs)
ExtremeWare XOS 10.1 Concepts Guide 117
Table 21: ACL Match Conditions (continued)

Match Conditions    Description                                                Applicable
                                                                               IP Protocols
ICMP-code <number>  ICMP code field. This value or keyword provides more       ICMP
                    specific information than the icmp-type. Since the
                    value's meaning depends upon the associated icmp-type,
                    you must specify the icmp-type along with the icmp-code.
                    In place of the numeric value, you can specify one of the
                    following text synonyms (the field values are also
                    listed). The keywords are grouped by the ICMP type with
                    which they are associated:
                    Parameter-problem:
                      ip-header-bad(0), required-option-missing(1)
                    Redirect:
                      redirect-for-host(1), redirect-for-network(2),
                      redirect-for-tos-and-host(3), redirect-for-tos-and-net(2)
                    Time-exceeded:
                      ttl-eq-zero-during-reassembly(1),
                      ttl-eq-zero-during-transit(0)
                    Unreachable:
                      communication-prohibited-by-filtering(13),
                      destination-host-prohibited(10),
                      destination-host-unknown(7),
                      destination-network-prohibited(9),
                      destination-network-unknown(6),
                      fragmentation-needed(4),
                      host-precedence-violation(14), host-unreachable(1),
                      host-unreachable-for-TOS(12), network-unreachable(0),
                      network-unreachable-for-TOS(11), port-unreachable(3),
                      precedence-cutoff-in-effect(15),
                      protocol-unreachable(2), source-host-isolated(8),
                      source-route-failed(5)

Table 22: ACL Match Condition Data Types

Condition Data Type  Description
prefix               IP source and destination address prefixes. To specify
                     the address prefix, use the notation
                     prefix/prefix-length. For a host address, prefix-length
                     should be set to 32.
number               Numeric value. This can be a TCP or UDP source or
                     destination port number, an IP protocol number, etc.
range                A range of numeric values. To specify the numeric range,
                     use the notation number - number.
bit-field            Used to match specific bits in an IP packet, such as the
                     TCP flags and the fragment flag.
mac-address          6-byte hardware address.

Along with the data types described in Table 22, you can use the operators <, <=, >, and >= to specify match conditions. For example, the match condition source-port > 190 matches packets with a source port greater than 190.

Example ACL Rule Entries

The following entry accepts all the UDP packets from the 10.203.134.0/24 subnet that are destined for the host 140.158.18.16, with source port 190 and a destination port in the range of 1200 - 1400:

entry udpacl {
if {
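To show how the prefix, number and range data types and the relational operators combine inside an entry, here is an added Python evaluator (example code written for this page, not ExtremeWare XOS code). The match-condition names source-address, destination-address and protocol, the packet dictionary layout and the logical-AND semantics of an if block are assumptions of the example; the udpacl conditions are the ones the text describes.

```python
import ipaddress
import re

# Match-condition names and the prefix / number / range data types follow the
# guide's tables; the packet dict layout and this parser are assumptions made
# for the example and are not the switch's own implementation.
_FIELDS = {"source-address": "src", "destination-address": "dst",
           "source-port": "sport", "destination-port": "dport",
           "protocol": "proto"}
_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}


def parse_condition(text):
    """Turn one condition such as 'source-port > 190',
    'destination-port 1200 - 1400' or 'source-address 10.203.134.0/24'
    into a predicate over a packet dict."""
    m = re.fullmatch(r"\s*([a-z-]+)\s*(<=|>=|<|>)?\s*(.+?)\s*;?\s*", text)
    if not m or m.group(1) not in _FIELDS:
        raise ValueError(f"unsupported condition: {text!r}")
    field, op, value = _FIELDS[m.group(1)], m.group(2), m.group(3)
    if field in ("src", "dst"):            # prefix: prefix/prefix-length
        net = ipaddress.ip_network(value, strict=False)
        return lambda pkt: ipaddress.ip_address(pkt[field]) in net
    if field == "proto":                   # protocol keyword such as udp
        return lambda pkt: pkt["proto"].lower() == value.lower()
    if op:                                 # number with <, <=, > or >=
        n = int(value)
        return lambda pkt: _OPS[op](pkt[field], n)
    if "-" in value:                       # range: number - number (inclusive)
        lo, hi = (int(x) for x in value.split("-"))
        return lambda pkt: lo <= pkt[field] <= hi
    n = int(value)                         # plain number: exact match
    return lambda pkt: pkt[field] == n


def entry_matches(conditions, pkt):
    """Every condition in an entry's if block must hold (logical AND)."""
    return all(parse_condition(c)(pkt) for c in conditions)


# The udpacl entry from the text, written out as its match conditions.
UDPACL = ["protocol udp", "source-address 10.203.134.0/24",
          "destination-address 140.158.18.16/32", "source-port 190",
          "destination-port 1200 - 1400"]

if __name__ == "__main__":
    # Constructed sample packets: one inside the rule, one whose destination
    # port falls just outside the 1200 - 1400 range.
    for dport in (1300, 1401):
        pkt = {"src": "10.203.134.7", "dst": "140.158.18.16",
               "proto": "udp", "sport": 190, "dport": dport}
        print(dport, entry_matches(UDPACL, pkt))
```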