Operation Manual

Security ACL Commands
acl-name Security ACL name. ACL names must be unique within the MX, must start with
a letter, and are case-insensitive. Specify an ACL name of up to 32 of the
following characters:
Letters a through z and A through Z
Numbers 0 through 9
Hyphen (-), underscore (_), and period (.)
Trapeze Networks recommends that you do not use the same name with
different capitalizations for ACLs. For example, do not configure two separate
ACLs with the names acl_123 and ACL_123.
Note: In an ACL name, do not include the term all, default-action, map, help,
or editbuffer.
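The following Python, added here as an illustration and not code from Trapeze Networks or the MX software, turns the acl-name rules above into a pre-commit check: a name must start with a letter, use only letters, digits, hyphen, underscore and period, be at most 32 characters, and must not be one of the reserved words. Because names are case-insensitive, the check also flags a name that differs from an already configured ACL only in capitalisation (the acl_123 / ACL_123 situation the note warns about). Treating the reserved-word note as "the name must not be exactly one of these words" is this example's reading of the manual.

```python
import re

# Rules from the acl-name description: leading letter, then up to 31 more
# characters drawn from letters, digits, '-', '_' and '.' (32 in total).
ACL_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._-]{0,31}$")

# Words the manual says not to use as ACL names (compared case-insensitively,
# since ACL names themselves are case-insensitive).
RESERVED_ACL_NAMES = {"all", "default-action", "map", "help", "editbuffer"}


def validate_acl_name(name, existing=()):
    """Return a list of problems with a proposed ACL name; an empty list means OK.

    `existing` is the collection of ACL names already configured on the MX.
    """
    problems = []
    if not ACL_NAME_RE.match(name):
        problems.append("name must start with a letter, contain only letters, digits, "
                        "'-', '_' and '.', and be at most 32 characters")
    if name.lower() in RESERVED_ACL_NAMES:
        problems.append("%r is a reserved word and cannot be an ACL name" % name)
    for other in existing:
        if other == name:
            problems.append("an ACL named %s already exists" % other)
        elif other.lower() == name.lower():
            # Legal on the MX, but the manual recommends against it because the
            # two names refer to the same ACL for most purposes.
            problems.append("differs only in capitalisation from existing ACL %s" % other)
    return problems


if __name__ == "__main__":
    # Constructed examples: one good name, one case collision, one reserved word.
    for candidate in ("guest-acl.v2", "ACL_123", "help"):
        print(candidate, validate_acl_name(candidate, existing={"acl_123"}))
```

Run the check against the output of the existing ACL list before issuing the set command; an empty list means the name is safe to use.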
permit Allows traffic that matches the conditions in the ACE.
cos cos For permitted packets, a class-of-service (CoS) level for packet handling. Specify
a value from 0 through 7:
1 or 2—Background. Packets are queued in MP forwarding queue 4.
0 or 3—Best effort. Packets are queued in MP forwarding queue 3.
4 or 5—Video. Packets are queued in MP forwarding queue 2.
Use CoS level 4 or 5 for voice over IP (VoIP) packets other than SpectraLink
Voice Priority (SVP).
6 or 7—Voice. Packets are queued in MP forwarding queue 1.
Use 6 or 7 only for VoIP phones that use SVP, not for other types of traffic.
deny Blocks traffic that matches the conditions in the ACE.
protocol IP protocol by which to filter packets:
ip
tcp
udp
icmp
A protocol number between 0 and 255.
(For a complete list of IP protocol names and numbers, see www.iana.org/assignments/protocol-numbers.)
source-ip-addr mask | any
IP address and wildcard mask of the network or host from which the packet is sent.
Specify both address and mask in dotted decimal notation. In a wildcard mask, a 0 bit
means the corresponding address bit must match exactly and a 1 bit means that bit is
ignored. For more information, see “Wildcard Masks” on page 2–7.
To match on any address, specify any or 0.0.0.0 255.255.255.255.
operator port [port2] Operator and port number(s) for matching TCP or UDP packets. An
operator that follows source-ip-addr matches the source port; an operator that follows
destination-ip-addr matches the destination port. Operators apply only when protocol is
tcp or udp. Specify one of the following operators and the associated port:
eq—Matches only port.
gt—Matches all ports greater than port.
lt—Matches all ports less than port.
neq—Matches all ports except port.
range—Matches ports in the range between port and port2. To specify a port range, enter
two port numbers, the lower port number first, followed by the higher port number.
(For a complete list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.)
destination-ip-addr mask | any
IP address and wildcard mask of the network or host to which the packet is sent.
Specify both address and mask in dotted decimal notation. For more
information, see “Wildcard Masks” on page 2–7.
To match on any address, specify any or 0.0.0.0 255.255.255.255.
type icmp-type Filters ICMP messages by type. Specify a value from 0 through 255. (For a list of
ICMP message type and code numbers, see www.iana.org/assignments/icmp-parameters.)
code icmp-code For ICMP messages filtered by type, additionally filters ICMP messages by code.
Specify a value from 0 through 255. (For a list of ICMP message type and code
numbers, see www.iana.org/assignments/icmp-parameters.)
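To make the matching semantics of the parameters in this section concrete (wildcard masks on source and destination, the eq/gt/lt/neq/range port operators, and ICMP type/code), the following Python simulates how an ACE is applied to a packet. It is an added example, not code from Trapeze Networks or the MX software. Two behaviours are assumptions of the example rather than statements from this section: ACEs are checked in order and the first match decides, and a packet that matches no ACE is denied. The sample ACL and packets are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Protocol keywords accepted by the protocol parameter. "ip" matches every IP
# protocol; any other value is compared with the IP header protocol number.
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}

# The "any" form of an address: 0.0.0.0 with an all-ones wildcard mask.
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, network, wildcard):
    """Wildcard-mask comparison: a 0 bit in the mask means the address bit must
    equal the network bit, a 1 bit means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return (a & care) == (n & care)


def port_match(spec, port):
    """spec is None (no operator, so any port matches), (operator, port), or
    ("range", port, port2) as in the command reference."""
    if spec is None:
        return True
    op, p1 = spec[0], spec[1]
    if op == "eq":
        return port == p1
    if op == "gt":
        return port > p1
    if op == "lt":
        return port < p1
    if op == "neq":
        return port != p1
    if op == "range":
        lo, hi = p1, spec[2]
        if lo > hi:
            raise ValueError("range: enter the lower port number first")
        return lo <= port <= hi
    raise ValueError("unknown operator %r" % op)


@dataclass
class Ace:
    action: str                       # "permit" or "deny"
    protocol: str                     # "ip", "tcp", "udp", "icmp" or a number as a string
    src: Tuple[str, str]              # (address, wildcard mask); ANY for any
    dst: Tuple[str, str]
    src_port: Optional[tuple] = None  # operator given after source-ip-addr
    dst_port: Optional[tuple] = None  # operator given after destination-ip-addr
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass
class Packet:
    proto: int
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def ace_matches(ace, pkt):
    if ace.protocol != "ip":
        want = PROTO_NUMBERS.get(ace.protocol)
        if want is None:
            want = int(ace.protocol)   # numeric protocol, 0 through 255
        if pkt.proto != want:
            return False
    if not wildcard_match(pkt.src, *ace.src) or not wildcard_match(pkt.dst, *ace.dst):
        return False
    if pkt.proto in (6, 17):           # port operators only apply to TCP and UDP
        if not port_match(ace.src_port, pkt.sport) or not port_match(ace.dst_port, pkt.dport):
            return False
    if pkt.proto == 1 and ace.icmp_type is not None:   # code is checked only with type
        if pkt.icmp_type != ace.icmp_type:
            return False
        if ace.icmp_code is not None and pkt.icmp_code != ace.icmp_code:
            return False
    return True


def evaluate(acl, pkt):
    """Return the action of the first matching ACE. Assumption of this example:
    a packet that matches no ACE is denied."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


# Constructed sample ACL: drop X11, allow HTTPS and ICMP echo requests into
# 10.1.0.0/16, and DNS to a single resolver. Everything else falls through.
EXAMPLE_ACL = [
    Ace("deny", "tcp", ANY, ANY, dst_port=("range", 6000, 6063)),
    Ace("permit", "tcp", ANY, ("10.1.0.0", "0.0.255.255"), dst_port=("eq", 443)),
    Ace("permit", "icmp", ANY, ("10.1.0.0", "0.0.255.255"), icmp_type=8, icmp_code=0),
    Ace("permit", "udp", ANY, ("10.1.0.53", "0.0.0.0"), dst_port=("eq", 53)),
]

if __name__ == "__main__":
    https = Packet(6, "192.168.1.5", "10.1.2.3", sport=50000, dport=443)
    x11 = Packet(6, "192.168.1.5", "10.1.2.3", sport=50000, dport=6010)
    print(evaluate(EXAMPLE_ACL, https), evaluate(EXAMPLE_ACL, x11))
```

Note that the deny for the X11 range has to come before the broader permits to take effect, which is the same ordering concern you have when placing ACEs with before editbuffer-index on the MX.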