User manual
Overview
• Select the protocol type icmp to allow/deny ICMP packets. Selecting icmp provides the option of filtering
ICMP packets based on ICMP type and code.
Example
The following example denies traffic between two subnets.
RFS7000(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies TCP traffic with a source port in the range 20 - 23 from the source subnet to
the destination subnet.
RFS7000(config-ext-nacl)#deny tcp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies UDP traffic with a source port in the range 20 - 23 from the source subnet to
the destination subnet.
RFS7000(config-ext-nacl)#deny udp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies ICMP traffic from any source to any destination. The keyword any is used to match
any source or destination IP address.
RFS7000(config-ext-nacl)#deny icmp any any
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
NOTE The log option is functional only for router ACLs. The log option causes an
informational logging message about the packet that matches the entry to be sent
to the console.
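The example ACLs above can be checked against sample packets with a small model of ordered, first-match rule evaluation. This is an added example, not code from the manual or the switch; the rule parser, the packet fields, top-to-bottom evaluation and the deny for unmatched packets are assumptions of the model.

```python
import ipaddress

def parse_rule(line):
    """Parse '<action> <proto> <src> <dst> [range <lo> <hi>]', the forms shown on this page."""
    tok = line.split()
    if len(tok) not in (4, 7) or (len(tok) == 7 and tok[4] != "range"):
        raise ValueError(f"unsupported rule form: {line!r}")
    def net(s):
        return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    ports = (int(tok[5]), int(tok[6])) if len(tok) == 7 else None
    return {"action": tok[0], "proto": tok[1], "src": net(tok[2]),
            "dst": net(tok[3]), "ports": ports}

def evaluate(acl, pkt):
    """Return the action of the first rule that matches pkt (model assumption:
    rules are checked top to bottom and an unmatched packet is denied)."""
    for rule in acl:
        if rule["proto"] not in ("ip", pkt["proto"]):
            continue  # 'ip' matches every protocol
        if ipaddress.ip_address(pkt["src"]) not in rule["src"]:
            continue
        if ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
            continue
        # The manual describes 'range' as a source-port range.
        if rule["ports"] and not rule["ports"][0] <= pkt.get("sport", -1) <= rule["ports"][1]:
            continue
        return rule["action"]
    return "deny"

def build(*lines):
    return [parse_rule(l) for l in lines]

SUBNET_ACL = build("deny ip 192.168.2.0/24 192.168.1.0/24", "permit ip any any")
TCP_ACL = build("deny tcp 192.168.1.0/24 192.168.2.0/24 range 20 23", "permit ip any any")
REORDERED = build("permit ip any any", "deny ip 192.168.2.0/24 192.168.1.0/24")

# Constructed sample packets (not captured traffic).
FWD = {"proto": "udp", "src": "192.168.2.10", "dst": "192.168.1.5", "sport": 5000}
REV = {"proto": "udp", "src": "192.168.1.5", "dst": "192.168.2.10", "sport": 5000}
SSH = {"proto": "tcp", "src": "192.168.1.7", "dst": "192.168.2.9", "sport": 22}

if __name__ == "__main__":
    for name, acl, pkt in [("subnet, 2.x->1.x", SUBNET_ACL, FWD),
                           ("subnet, 1.x->2.x", SUBNET_ACL, REV),
                           ("tcp sport 22", TCP_ACL, SSH),
                           ("permit listed first", REORDERED, FWD)]:
        print(f"{name}: {evaluate(acl, pkt)}")
```

In this model the first example's deny entry matches only packets sourced from 192.168.2.0/24, so traffic in the other direction falls through to permit ip any any, and listing the permit entry first leaves the deny entry unreachable.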