User manual
5-9
Usage Guidelines
Use the access-list command in global configuration mode to create an access list. The RFS7000 supports port, router and WLAN ACLs.
• When the access list is applied on an Ethernet port, it becomes a port ACL.
• When the access list is applied on a VLAN interface, it becomes a router ACL.
• When the access list is applied on a WLAN index, it becomes a WLAN ACL.
A MAC access list that permits ARP is mandatory for both port and WLAN ACLs. For more information on how to configure a MAC access list, see permit on page 11-12.
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence]
Add an extended IP access list entry using the tcp or udp keyword.
• (<100-199>|<2000-2699>) – For a tcp or udp extended ACL, the ACL number must be between 2000 and 2699.
• {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an ACL. The action type mark is functional only over a port ACL.
• {tcp|udp} – Specifies tcp or udp as the protocol.
• {source/source-mask | host source | any} – source is the source address of the network or host in dotted decimal; source-mask is the network mask. For example, 10.1.1.10/24 indicates that the first 24 bits of the source IP are used for matching.
  • any is an abbreviation for a source IP of 0.0.0.0 and source-mask bits equal to 0.
  • host is an abbreviation for an exact source (A.B.C.D) and source-mask bits equal to 32.
• [operator source-port] – Valid only for the tcp or udp protocols. Valid operator values are eq and range.
  • range – Specify the protocol range (starting and ending protocol numbers).
  • port – A valid port number.
• {destination/destination-mask | host destination | any} – The destination host IP address or destination network address.
• [operator destination-port] – Specify the destination port.
• [log] – Generates log messages when a packet arriving on the interface matches the ACL entry. Log messages are generated only for router ACLs.
• [rule-precedence access-list-entry precedence] – An integer value between 1 and 5000. This value sets the rule precedence in the ACL.
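The constraints listed above (ACL number range for tcp/udp entries, mark only on port ACLs, any/host address shorthands, eq/range port operators, log only effective on router ACLs, rule-precedence 1-5000) can be checked before an entry is pasted into the switch. The following linter is an added example, not code from the RFS7000 or its manual; the acl_type argument ('port', 'router' or 'wlan') is an assumption standing in for where the list will be applied, and the sample lines are constructed.

```python
import ipaddress

ACL_NUMBERS, PRECEDENCE = range(2000, 2700), range(1, 5001)   # tcp/udp ACL number 2000-2699; rule-precedence 1-5000
MARK_RANGES = {"dot1p": range(0, 8), "tos": range(0, 256)}    # mark {dot1p <0-7> | tos <0-255>}

def parse_addr(t):
    # {A.B.C.D/mask | host A.B.C.D | any}: any = 0.0.0.0 with 0 mask bits, host = exact address, 32 bits
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1] + "/32"), t[2:]
    return ipaddress.ip_network(t[0], strict=False), t[1:]   # 10.1.1.10/24 -> first 24 bits match

def parse_ports(t):
    # optional [eq port | range start end]; returns ((lo, hi) or None, remaining tokens)
    if t and t[0] == "eq":
        return (int(t[1]), int(t[1])), t[2:]
    if t and t[0] == "range":
        return (int(t[1]), int(t[2])), t[3:]
    return None, t

def parse_extended_acl(line, acl_type):
    """Parse one tcp/udp entry and check the page's rules for the ACL type ('port', 'router', 'wlan')."""
    t = line.split()
    if t[0] != "access-list" or int(t[1]) not in ACL_NUMBERS:
        raise ValueError("tcp/udp extended ACL number must be 2000-2699")
    number, t = int(t[1]), t[2:]
    if t[0] == "mark":                                 # mark is functional only over a port ACL
        if acl_type != "port" or int(t[2]) not in MARK_RANGES.get(t[1], ()):
            raise ValueError(f"invalid mark for {acl_type} ACL: {' '.join(t[:3])}")
        action, t = ("mark", t[1], int(t[2])), t[3:]
    elif t[0] in ("deny", "permit"):
        action, t = (t[0],), t[1:]
    else:
        raise ValueError(f"unknown action {t[0]}")
    if t[0] not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp, got {t[0]}")
    proto, t = t[0], t[1:]
    src, t = parse_addr(t)
    sport, t = parse_ports(t)
    dst, t = parse_addr(t)
    dport, t = parse_ports(t)
    precedence = int(t[t.index("rule-precedence") + 1]) if "rule-precedence" in t else None
    if precedence is not None and precedence not in PRECEDENCE:
        raise ValueError(f"rule-precedence must be 1-5000, got {precedence}")
    return {"number": number, "action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "precedence": precedence,
            "log": "log" in t and acl_type == "router"}   # log messages are generated only for router ACLs
```

The returned "log" field is True only when the entry both carries the log keyword and is applied as a router ACL, which is the one case in which the manual says messages are produced.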