848 ExtremeWare Software 7.3.0 Command Reference Guide
Security Commands
create access-list icmp destination source
create access-list <name> icmp destination [<dest_ipaddress>/<mask> | any]
source [<src_ipaddress>/<source_mask> | any] type <icmp_type> code
<icmp_code> [permit | deny] {<portlist>} {precedence <number>}
Description
Creates a named IP access list that applies to ICMP traffic.
Syntax Description
Default
N/A.
Usage Guidelines
The access list is applied to all ingress packets.
Example
This command creates an access list named denyping that filters out ping (ICMP echo) packets. ICMP
echo packets are defined as type 8 code 0:
create access-list denyping icmp destination any source any type 8 code 0 deny ports
any
History
This command was first available in ExtremeWare 6.0, and replaced the
configure ipqos
command.
name Specifies the access list name. The access list name can be between 1 and
31 characters.
dest_ipaddress/mask Specifies an IP destination address and subnet mask. A mask length of 32
indicates a host entry.
any specifies that any address will match.
src_ipaddress/source_mask Specifies a source IP address and subnet mask.
any specifies that any address will match.
icmp_type Specifies the ICMP_TYPE number. The ICMP type is a number from 0 to 255.
icmp_code Specifies the ICMP_CODE number. The ICMP code is a number from 0 to
255.
permit Specifies that packets that match the access list description are permitted to
be forward by this switch.
deny Specifies that packets that match the access list description are filtered
(dropped) by the switch.
portlist Specifies the ingress port(s) on which this rule is applied.
number Specifies the access list precedence number. The range is 1 to 25,600.
To Next Page
Loading...
Need help?
General
