ExtremeWare XOS 10.1 Concepts Guide
Security
        source-address 10.203.134.0/24;
        destination-address 140.158.18.16/32;
        protocol udp;
        source-port 190;
        destination-port 1200-1400;
    } then {
        accept;
    }
}
The following rule entry accepts TCP packets from the 10.203.134.0/24 subnet with a source port larger
than 190 and the ACK and SYN bits set, and also increments the counter tcpcnt:
entry tcpacl {
    if {
        source-address 10.203.134.0/24;
        protocol TCP;
        source-port >190;
        tcp-flags syn_ack;
    } then {
        accept;
        count tcpcnt;
    }
}
The following example denies ICMP echo request packets from the 10.203.134.0/24 subnet, and
increments the counter icmpcnt:
entry icmp {
    if {
        source-address 10.203.134.0/24;
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
        count icmpcnt;
    }
}
The following entry denies every packet and increments the counter default:
entry default {
    if {
    } then {
        deny;
        count default;
    }
}
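To see how the entries above decide individual packets, the following added example (not part of the guide and not Extreme Networks code) parses the tcpacl, icmp and default entries and evaluates a packet against them offline. It assumes entries are tried in file order with the first match deciding the packet, and it simplifies tcp-flags and icmp-type to name equality; the function names and the packet dictionary keys are hypothetical.

```python
import ipaddress
import re

# Constructed input: the tcpacl, icmp and default entries from this page, in that order.
POLICY = """
entry tcpacl { if { source-address 10.203.134.0/24; protocol TCP; source-port >190;
  tcp-flags syn_ack; } then { accept; count tcpcnt; } }
entry icmp { if { source-address 10.203.134.0/24; protocol icmp;
  icmp-type echo-request; } then { deny; count icmpcnt; } }
entry default { if { } then { deny; count default; } }
"""
ENTRY_RE = re.compile(r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse_policy(text):
    """Return [(name, {condition: value}, [actions])] in file order."""
    entries = []
    for name, cond, act in ENTRY_RE.findall(text):
        conds = dict(c.split(None, 1) for c in map(str.strip, cond.split(";")) if c)
        actions = [a.strip() for a in act.split(";") if a.strip()]
        entries.append((name, conds, actions))
    return entries

def port_ok(spec, port):
    """Match the port forms used on this page: N, >N and LOW-HIGH."""
    if spec.startswith(">"):
        return port > int(spec[1:])
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def matches(conds, pkt):
    for key, want in conds.items():
        if key.endswith("-address"):
            ok = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(want)
        elif key.endswith("-port"):
            ok = port_ok(want, pkt.get(key, -1))  # -1: packet carries no port
        else:  # protocol, tcp-flags, icmp-type: simplified to case-insensitive equality
            ok = str(pkt.get(key, "")).lower() == want.lower()
        if not ok:
            return False
    return True  # an empty "if { }" matches every packet

def evaluate(entries, pkt):
    """Assumed first-match evaluation; returns (entry name, verdict, counter)."""
    for name, conds, actions in entries:
        if matches(conds, pkt):
            verdict = next(a for a in actions if a in ("accept", "deny"))
            counter = next((a.split()[1] for a in actions if a.startswith("count ")), None)
            return name, verdict, counter
    return None, None, None
```

A SYN/ACK packet from the subnet with source port exactly 190 does not satisfy `source-port >190`, so it falls through to the default entry and is denied; that boundary is easy to miss when reading the rule.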
Using Access Lists on the Switch
Once the access list file is on the switch, it can be checked to see if it is syntactically correct. Since an
ACL is a type of policy, use the following command to check the ACL syntax:
check policy <policy-name>