Overview
• Select icmp to allow/deny ICMP packets. Selecting icmp provides the option of filtering ICMP packets
based on ICMP type and code.
Example
The following example denies traffic between two subnets:
RFS7000(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies TCP traffic with a source port range between 20 - 23 from the source subnet to
the destination subnet:
RFS7000(config-ext-nacl)#deny tcp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies UDP traffic with a source port range between 20 - 23 from the source subnet to
the destination subnet:
RFS7000(config-ext-nacl)#deny udp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
The following example denies ICMP traffic from any source to any destination. The keyword any matches
any source or destination IP address.
RFS7000(config-ext-nacl)#deny icmp any any
RFS7000(config-ext-nacl)#permit ip any any
RFS7000(config-ext-nacl)#
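The rule lines from the examples above can be checked offline against sample packets before they are entered on the switch. The following Python sketch is an added example, not part of the original guide or the switch software; the function names are hypothetical. It assumes first-match-wins evaluation and that the range keyword is tested against the source port, as the text above describes it.

```python
import ipaddress

# Rule lines copied from the examples above, prompt stripped.
SUBNET_RULES = ["deny ip 192.168.2.0/24 192.168.1.0/24", "permit ip any any"]
TCP_RULES = ["deny tcp 192.168.1.0/24 192.168.2.0/24 range 20 23",
             "permit ip any any"]
ICMP_RULES = ["deny icmp any any", "permit ip any any"]


def _net(text):
    """Translate an address field; the keyword any matches every address."""
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text)


def parse_rule(line):
    """Parse '<action> <proto> <src> <dst> [range <low> <high>]'."""
    tok = line.split()
    if len(tok) not in (4, 7) or tok[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    ports = None
    if len(tok) == 7:
        if tok[4] != "range" or int(tok[5]) > int(tok[6]):
            raise ValueError(f"bad port range: {line!r}")
        ports = (int(tok[5]), int(tok[6]))
    return tok[0], tok[1], _net(tok[2]), _net(tok[3]), ports


def evaluate(rules, proto, src, dst, sport=None):
    """Return the action of the first matching rule, or None if none match.

    Assumptions: first match wins, and range is tested against the source
    port, as the text above describes it.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, ports in map(parse_rule, rules):
        if r_proto not in ("ip", proto):
            continue  # ip covers every protocol; otherwise it must be equal
        if src not in r_src or dst not in r_dst:
            continue
        if ports and (sport is None or not ports[0] <= sport <= ports[1]):
            continue
        return action
    return None
```

Under these assumptions, evaluating SUBNET_RULES for a packet from 192.168.1.5 to 192.168.2.10 returns permit, because the deny entry matches only the 192.168.2.0/24 to 192.168.1.0/24 direction.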
NOTE The log option is functional only for router ACLs. The log option sends an
informational logging message to the console for the packet that matches the
entry.