C613-50631-01 Rev A Command Reference for IE340 Series 1973
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
IPV4 HARDWARE ACCESS CONTROL LIST (ACL) COMMANDS
(NAMED HARDWARE ACL ENTRY FOR ICMP)
(named hardware ACL entry for ICMP)
Overview Use this command to add a new ICMP filter entry to the current hardware
access-list. The filter will match on any ICMP packet that has the specified source
and destination IP addresses and (optionally) ICMP type. You can specify the value
any if source or destination address does not matter.
If you specify a sequence number, the switch inserts the new filter at the specified
location. Otherwise, the switch adds the new filter to the end of the access-list.
The no variant of this command removes an ICMP filter entry from the current
hardware access-list. You can specify the ICMP filter entry for removal by entering
either its sequence number (e.g. no 100), or by entering its ICMP filter profile
without specifying its sequence number (e.g. no permit icmp 192.168.1.0/24 any
icmp-type 11).
You can find the sequence number by running the show access-list (IPv4 Hardware
ACLs) command.
Hardware ACLs will permit access unless explicitly denied by an ACL action.
CAUTION: Specifying a “send” action enables you to use ACLs to redirect packets from
their original destination. Use such ACLs with caution. They could prevent control
packets from reaching the correct destination, such as EPSR healthcheck messages
and AMF messages.
Syntax
[<sequence-number>] <action> icmp <source-ip> <dest-ip>
[icmp-type <number>] [vlan <1-4094>]
no <sequence-number>
no <action> icmp <source-ip> <dest-ip> [icmp-type <number>]
[vlan <1-4094>]
The following actions are available for hardware ACLs:
V
alues for the <action> parameter
deny Reject packets that match the source and destination
filtering specified with this command.
permit Permit packets that match the source and destination
filtering specified with this command.
copy-to-cpu Send a copy of matching packets to the CPU.
copy-to-mirror Send a copy of matching packets to the mirror port.
Use the mirror interface command to configure the mirror
port.
send-to-mirror Send matching packets to the mirror port.
Use the mirror interface command to configure the mirror
port.
To Next Page
Loading...
Need help?
General
