Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command

151

152

153

154

155

156

157

158

159

160

152 ExtremeWare XOS 11.0 Concepts Guide

Security

Along with the data types described in Table 29, you can use the operators <, <=, >, and >= to specify

match conditions. For example, the match condition,

source-port >190, will match packets with a

source port greater than 190.

ICMP-code <number> ICMP code field. This value or keyword provides more specific

information than the icmp-type. Because the value's meaning

depends upon the associated icmp-type, you must specify the

icmp-type along with the icmp-code. In place of the numeric

value, you can specify one of the following text synonyms (the

field values also listed); the keywords are grouped by the ICMP

type with which they are associated:

Parameter-problem:

ip-header-bad(0), required-option-missing(1)

Redirect:

redirect-for-host (1), redirect-for-network (2),

redirect-for-tos-and-host (3), redirect-for-tos-and-net (2)

Time-exceeded:

ttl-eq-zero-during-reassembly(1), ttl-eq-zero-during-transit(0)

Unreachable:

communication-prohibited-by-filtering(13),

destination-host-prohibited(10), destination-host-unknown(7),

destination-network-prohibited(9),

destination-network-unknown(6), fragmentation-needed(4),

host-precedence-violation(14), host-unreachable(1),

host-unreachable-for-TOS(12), network-unreachable(0),

network-unreachable-for-TOS(11), port-unreachable(3),

precedence-cutoff-in-effect(15), protocol-unreachable(2),

source-host-isolated(8), source-route-failed(5)

ICMP

Table 29: ACL match condition data types

Condition Data Type Description

prefix IP source and destination address prefixes. To specify the address prefix, use the

notation prefix/prefix-length. For a host address, prefix-length should be set

to 32.

number Numeric value, such as TCP or UDP source and destination port number, IP protocol

number.

range A range of numeric values. To specify the numeric range, use the notation:

number - number

bit-field Used to match specific bits in an IP packet, such as TCP flags and the fragment flag.

mac-address 6-byte hardware address.

Table 28: ACL match conditions (continued)

Match Conditions Description

Applicable

IP Protocols