Security and authentication
11.4 IP access control list
SCALANCE XM-400/XR-500 Command Line Interface (CLI)
Configuration Manual, 11/2015, C79000-G8976-C252-10
721
Call up the command with the following parameters:
deny icmp {any | host <src-ip> | <network-src-ip> <mask>} [{any | host <dest-ip> |
<network-dest-ip> <mask>}] [<message-type type(0-255)>] [<message-code code(0-255)>]
The parameters have the following meaning:
Blocks all incoming frames
Keyword for a single IP address -
Enter a valid IP address.
Network source address Enter a valid combination of IP
address and subnet mask.
Corresponding subnet mask
Blocks all outgoing frames
Keyword for a single IP address
Enter a valid IP address.
Network destination address
Enter a valid combination of IP
address and subnet mask.
Corresponding subnet mask
Keyword for the ICMP message type
Keyword for the ICMP message code
For information on names of addresses and interfaces, refer to the section "Interface
identifiers and addresses (Page 39)".
The IP access list for ICMP messages has been configured.
Note
Subnet mask for individual hosts
If you create the rule for a single sys
tem (one IP address), you will need to specify the
subnet mask "255,255,255,255". As an alternative, you can specify the keyword "host"
followed by the IP address.
You delete an IP access control list with the no ip access-list standard <acl-num>
command.
You display the configuration of the access control list with the
show access-lists command.
To Next Page
Loading...
Need help?
General