MES53xx, MES33xx, MES23xx Ethernet Switch Series 176
Specify the source IP address of the packet.
Address mask of the source
The bit mask applied to the source IP address of the packet.
The mask defines the bits of the IP address which should be
ignored. “1” indicates an ignored bit. For example, the mask
can be used to specify an IP network that will be filtered out.
In order to add IP network 195.165.0.0 IP to a filtering rule,
the mask should be set to 0.0.255.255, i.e. the last 16 bits of
the IP address will be ignored.
Specify the destination IP address of the packet.
Address mask of the
destination
The bit mask applied to the destination IP address of the
packet. The mask defines the bits of the IP address which
should be ignored. “1” indicates an ignored bit. This mask is
used similarly to the source_wildcard mask.
Specify the VLAN this rule will apply to.
The DSCP field in the L3
header
Specify the value of the diffserv DSCP field. Possible message
codes for the dscp field: (0 – 63).
Define the priority of IP traffic: (0-7).
Name of the time-range
configuration profile
Specify configuration of time periods.
Type of ICMP messages used for ICMP packets filtering.
Possible message codes for the icmp_type field:echo-reply,
destination-unreachable, source-quench, redirect, alternate-
host-address, echo-request, router-advertisement, router-
solicitation, time-exceeded, parameter-problem, timestamp,
timestamp-reply, information-request, information-reply,
address-mask-request, address-mask-reply, traceroute,
datagram-conversion-error, mobile-host-redirect, mobile-
registration-request, mobile-registration-reply, domain_name-
request, domain_name-reply, skip, photuris, or the numeric
value of the message type (0 – 255).
Code of ICMP messages used for ICMP packets filtering.
Possible message codes for the icmp_code field:(0 – 255).
Type of IGMP messages used for IGMP packets filtering.
Possible message codes for the igmp_type field: host-query,
host-report, dvmrp, pim, cisco-trace, host-report-v2, host-
leave-v2, host-report-v3 or the numeric value of the message
type (0 – 255).
Possible values for the TCP port field: bgp (179), chargen (19),
daytime (13), discard (9), domain (53), drip (3949), echo (7),
finger (79), ftp (21), ftp-data (20), gopher (70), hostname (42),
irc (194), klogin (543), kshell (544), lpd (515), nntp (119), pop2
(109), pop3 (110), smtp (25), sunrpc (1110, syslog (514),
tacacs-ds (49), talk (517), telnet (23), time (37), uucp (117),
whois (43), www (80);
For an UDP port: biff (512), bootpc (68), bootps (67), discard
(9), dnsix (90), domain (53), echo (7 ), mobile-ip (434),
nameserver (42), netbios-dgm (138), netbios-ns (137), on500-
isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap
(162), sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp
(69), time (37), who (513), xdmcp (177).
Or a numeric value (0 – 65535).
If you want to filter by a specific flag, put "+" before it;
otherwise put "-". Possible flags: +urg, +ack, +psh, +rst, +syn,
+fin, -urg, -ack, -psh, -rst, -syn and -fin. If you use multiple
flags for filtering, they are joined in one line without spaces.
For example: +fin-ack.
Disable the port when receiving a packet from it that satisfies
the conditions of a deny command that describes that field.
Enable message log registration when a packet corresponding
to the entry is received.
To Next Page
Loading...
Need help?
General
