Security
7450 ESS System Mangement Guide Page 133
Context config>system>security>mgmt-access-filter>ip-filter>entry
config>system>security>mgmt-access-filter>mac-filter
Description This command enables match logging. When enabled, matches on this entry will cause the Security
event mafEntryMatch to be raised.
Default no log
protocol
Syntax [no] protocol protocol-id
Context config>system>security>mgmt-access-filter>ip-filter>entry
Description This command configures an IP protocol type to be used as a management access filter match crite-
rion.
The protocol type, such as TCP, UDP, and OSPF, is identified by its respective protocol number. Well-
known protocol numbers include ICMP (1), TCP (6), and UDP (17).
The no form the command removes the protocol from the match criteria.
Default No protocol match criterion is specified.
Parameters protocol — The protocol number for the match criterion.
Values 1 to 255 (decimal)
port
Syntax port tcp/udp port-number [mask]
port-list port-list-name
port range start end
no port
Context config>system-security>cpm-filter>ip-filter>entry>match
config>system>security>cpm-filter>ipv6-filter>entry>match
Description This command configures a TCP/UDP source or destination port match criterion in IPv4 and IPv6
CPM filter policies. A packet matches this criterion if packet’s TCP/UDP (as configured by protocol/
next-header match) source OR destination port matches either the specified port value or a port in the
specified port range or port list.
This command is mutually exclusive with src-port and dst-port commands.
The no form of this command deletes the specified port match criterion.
Default no port
Parameters port-number — A source or destination port to be used as a match criterion specified as a decimal
integer.
Values 1 -65535
To Next Page
Loading...
