Owner's Manual
322 | Chapter 13. ACLs
NETGEAR 8800 User Manual
clear access-list {dynamic} counter {<countername>} {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
Example ACL Rule Entries
The following entry accepts all the UDP packets from the 10.203.134.0/24 subnet that are
destined for the host 140.158.18.16, with source port 190 and a destination port in the range
of 1200 to 1250:
entry udpacl {
    if {
        source-address 10.203.134.0/24;
        destination-address 140.158.18.16/32;
        protocol udp;
        source-port 190;
        destination-port 1200 - 1250;
    } then {
        permit;
    }
}
The following rule entry accepts TCP packets from the 10.203.134.0/24 subnet with a source
port larger than 190 and ACK & SYN bits set and also increments the counter tcpcnt. The
packets will be forwarded using QoS profile QP3.
entry tcpacl {
    if {
        source-address 10.203.134.0/24;
        protocol TCP;
        source-port > 190;
        tcp-flags syn_ack;
    } then {
        permit;
        count tcpcnt;
        qosprofile qp3;
    }
}
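To check which traffic the udpacl and tcpacl entries actually cover before relying on them, the following Python sketch parses the two entries and tests constructed packets against their match conditions. It is an added example, not code from the manual or the switch software. The function names and the packet dictionary layout are hypothetical, and it assumes that syn_ack means both bits are set.

```python
import ipaddress
import re

# The udpacl and tcpacl entries from the manual, reflowed to save space.
POLICY = """
entry udpacl { if {
  source-address 10.203.134.0/24; destination-address 140.158.18.16/32;
  protocol udp; source-port 190; destination-port 1200 - 1250;
} then { permit; } }
entry tcpacl { if {
  source-address 10.203.134.0/24; protocol TCP; source-port > 190; tcp-flags syn_ack;
} then { permit; count tcpcnt ; qosprofile qp3; } }
"""

ENTRY_RE = re.compile(
    r"entry\s+(\w+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse(text):
    """Return {entry name: (match-condition dict, list of action statements)}."""
    stmts = lambda body: [" ".join(s.split()) for s in body.split(";") if s.strip()]
    return {name: (dict(s.split(" ", 1) for s in stmts(cond)), stmts(act))
            for name, cond, act in ENTRY_RE.findall(text)}

def port_ok(spec, port):
    """Port forms used on this page: 'N', '> N' and 'A - B' (inclusive)."""
    if spec.startswith(">"):
        return port > int(spec[1:])
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def matches(conds, pkt):
    """True only when every match condition of the entry holds for pkt."""
    checks = {
        "source-address": lambda v: in_net(pkt["src"], v),
        "destination-address": lambda v: in_net(pkt["dst"], v),
        "protocol": lambda v: pkt["proto"] == v.lower(),
        "source-port": lambda v: port_ok(v, pkt["sport"]),
        "destination-port": lambda v: port_ok(v, pkt["dport"]),
        # Assumption: syn_ack means the SYN and ACK bits are both set.
        "tcp-flags": lambda v: set(v.lower().split("_")) <= pkt.get("flags", set()),
    }
    return all(checks[k](v) for k, v in conds.items())  # unknown keyword: KeyError

def hits(pkt, policy=POLICY):
    """Names of the entries whose match conditions pkt satisfies."""
    return [name for name, (conds, _) in parse(policy).items() if matches(conds, pkt)]
```

Boundary packets are the useful inputs: destination port 1251, or a TCP source port of exactly 190, should match neither entry.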
The following example denies ICMP echo request (ping) packets originating from the
10.203.134.0/24 subnet, and increments the counter icmpcnt:
entry icmp {
    if {
        source-address 10.203.134.0/24;
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
        count icmpcnt;
    }
}