AMX NXA-ENET24 Switch User Manual


 
Configuring ACLs
NXA-ENET24 - Software Management Guide
Configuring an Extended IP ACL - Web
Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address
type (Any, Host, or IP).
If you select “Host,” enter a specific address.
If you select “IP,” enter a subnet address and the mask for an address range.
Set any other required criteria, such as service type, protocol type, or TCP control code. Then click Add.
Configuring an Extended IP ACL - CLI
This example adds three rules:
1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, the rule is
matched if the masked rule address (10.7.1.0 & 255.255.255.0) equals the masked packet address
(10.7.1.2 & 255.255.255.0); in that case the packet passes through.
2. Allow TCP packets from class C addresses 192.168.1.0 to any destination address when set for
destination TCP port 80 (i.e., HTTP).
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”
Command Attributes (Cont.)
Source/Destination Port Bitmask: Decimal number representing the port bits to match.
    Range: 0-65535
Control Code: Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header.
    Range: 0-63
Control Code Bitmask: Decimal number representing the code bits to match.
    The control bitmask is a decimal number (for an equivalent binary bit mask) that
    is applied to the control code. Enter a decimal number, where the equivalent
    binary bit “1” means to match a bit and “0” means to ignore a bit. The following
    bits may be specified:
        1 (fin) – Finish
        2 (syn) – Synchronize
        4 (rst) – Reset
        8 (psh) – Push
        16 (ack) – Acknowledgement
        32 (urg) – Urgent pointer
    For example, use the code value and mask below to catch packets with the
    following flags set:
        SYN flag valid, use control-code 2, control bitmask 2
        Both SYN and ACK valid, use control-code 18, control bitmask 18
        SYN valid and ACK invalid, use control-code 2, control bitmask 18
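The control-code and bitmask matching described above, together with the masked address comparison from rule 1, as an added Python example (not from the AMX manual or the switch firmware). It assumes a rule matches when (flags & bitmask) equals (code & bitmask), which is consistent with the three examples above; the helper names and sample TCP headers are constructed for illustration.

```python
import ipaddress
import struct

# TCP flag bit values as listed under Control Code Bitmask above.
FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


def tcp_flags(tcp_header: bytes) -> int:
    """Return the six control bits from the 14th byte (offset 13) of a TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    return tcp_header[13] & 0x3F


def code_matches(flags: int, code: int, mask: int) -> bool:
    """Assumed semantics: only bits set in mask are compared against code."""
    for name, value in (("code", code), ("mask", mask)):
        if not 0 <= value <= 63:
            raise ValueError(f"{name} out of range 0-63: {value}")
    return (flags & mask) == (code & mask)


def addr_matches(packet_ip: str, rule_ip: str, rule_mask: str) -> bool:
    """Rule 1 style comparison: (rule & mask) == (packet & mask)."""
    mask = int(ipaddress.IPv4Address(rule_mask))
    rule = int(ipaddress.IPv4Address(rule_ip))
    packet = int(ipaddress.IPv4Address(packet_ip))
    return (rule & mask) == (packet & mask)


def build_header(*flag_names: str) -> bytes:
    """Constructed 20-byte TCP header (ports 40000 -> 80) with the given flags set."""
    flags = sum(FLAGS[n] for n in flag_names)
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)


def evaluate(code: int, mask: int) -> dict:
    """Report which constructed segments a control-code/bitmask pair catches."""
    samples = {"SYN": ("syn",), "SYN+ACK": ("syn", "ack"),
               "ACK": ("ack",), "FIN+ACK": ("fin", "ack")}
    return {label: code_matches(tcp_flags(build_header(*names)), code, mask)
            for label, names in samples.items()}


if __name__ == "__main__":
    for code, mask in ((2, 2), (18, 18), (2, 18)):
        print(f"control-code {code}, bitmask {mask}: {evaluate(code, mask)}")
    print(addr_matches("10.7.1.2", "10.7.1.0", "255.255.255.0"))
```

With control-code 2 and bitmask 2 the SYN+ACK reply also matches, because the ACK bit is ignored; bitmask 18 is what restricts the rule to segments with SYN set and ACK clear.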
FIG. 75 Configuring Extended ACLs