MES53xx, MES33xx, MES23xx Ethernet Switch Series 179
It is used to filter ICMP packets. Possible message codes and
values for the icmp_type field: destination-unreachable (1),
packet-too-big (2), time-exceeded (3), parameter-problem (4),
echo-request (128), echo-reply (129), mld-query (130), mld-
report (131), mldv2-report (143), mld-done (132), router-
solicitation (133), router-advertisement (134), nd-ns (135), nd-
na (136).
It is used to filter ICMP packets. Possible field values (0 – 255).
Possible values for the TCP port field: bgp (179), chargen (19),
daytime (13), discard (9), domain (53), drip (3949), echo (7),
finger (79), ftp (21), ftp-data (20), gopher (70), hostname (42),
irc (194), klogin (543), kshell (544), lpd (515), nntp (119), pop2
(109), pop3 (110), smtp (25), sunrpc (1110, syslog (514),
tacacs-ds (49), talk (517), telnet (23), time (37), uucp (117),
whois (43), www (80);
For an UDP port: biff (512), bootpc (68), bootps (67), discard
(9), dnsix (90), domain (53), echo (7 ), mobile-ip (434),
nameserver (42), netbios-dgm (138), netbios-ns (137), on500-
isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap
(162), sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp
(69), time (37), who (513), xdmcp (177).
Or a numeric value (0 – 65535).
If you want to filter by a specific flag, put "+" before it;
otherwise put "-". Possible flags: +urg, +ack, +psh, +rst, +syn,
+fin, -urg, -ack, -psh, -rst, -syn and -fin.
Disable the port when receiving a packet from it that satisfies
the conditions of a deny command that describes that field.
Enable message logging upon receiving a packet that matches
the entry.
Rule index in the table. The lower the index, the higher the
priority of the rule. (1 - 2147483647).
In order to select the complete range of parameters except dscp and ip-precedence, use
As soon as at least one entry has been added to the ACL, the following entries are added at
the end of the list:
permit-icmp any any nd-ns any
permit-icmp any any nd-na any
deny ipv6 any any
The first two of these entries enable search of neighbour IPv6 devices with the help of
ICMPv6. The last entry ignores all packets that do not meet the ACL conditions.
Table 5.207. IPv6-based ACL configuration commands
permit protocol {any | source_prefix/length}
{any | destination_prefix/length}
[dscp dscp | precedence precedence]
[timerange time_name] [ace-priority index]
Add a permit filtering entry for a protocol. The packets that meet the
entry's conditions will be processed by the switch.
permit icmp {any | source_prefix/length}
{any | destination_prefix/length}
{any | icmp_type} {any | icmp_code}
[dscp dscp| precedence precedence]
[timerange time_name] [ace-priority index]
Add a permit filtering entry for the ICMP. The packets that meet the
entry's conditions will be processed by the switch.
permit tcp {any | source_prefix/length}
{any | source_port}
{any | destination_prefix/length}
{any | destination_port}
[dscp dscp | precedence precedence]
[timerange time_name]
Add a permit filtering entry for the TCP. The packets that meet the entry's
conditions will be processed by the switch.
To Next Page
Loading...
Need help?
General
