Intel 480T Switch User Manual

Intel® NetStructure 480T Routing Switch User Guide (page 314)
the keyword. For example, you could use this entry to permit only TCP sessions that were originated from inside the 10.1.0.0/16 network:

create access-list TCPout tcp destination 10.1.0.0/16 ip-port any source 0.0.0.0/0 ip-port any permit-established ports any

In this example, the permit-established keyword allows only TCP packets with the ACK (acknowledgement) or RST (reset) bit set, from any source, to destinations in 10.1.0.0/16; it does not permit such packets to any other destination. An inbound packet with neither bit set (for example, a bare SYN that opens a new connection) is not matched by this entry.
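The following Python model is an added example and is not part of the user guide or of the switch software. It reproduces the permit-established behaviour described above on constructed IPv4/TCP packets, so the effect of the entry is visible: return traffic carrying ACK or RST is admitted to 10.1.0.0/16, a new inbound connection (SYN only) and traffic to other destinations are not. The packet builder, the entry class, the sample addresses (203.0.113.9, 198.51.100.4) and the rule that a matching packet without ACK/RST falls through to later entries and then to a default deny are assumptions of this example, not statements from the guide.

```python
"""Stateless model of a TCP access-list entry with permit-established (added example)."""
import ipaddress
import struct

TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


def build_packet(src, dst, sport, dport, flags):
    """Construct a minimal IPv4 header + TCP header (test input, no payload, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp


def parse_packet(raw):
    """Extract the fields an access-list entry qualifies on from a raw IPv4/TCP frame."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    pkt = {"proto": raw[9],
           "src": ipaddress.IPv4Address(raw[12:16]),
           "dst": ipaddress.IPv4Address(raw[16:20])}
    if pkt["proto"] == 6 and len(raw) >= ihl + 20:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
        pkt["flags"] = raw[ihl + 13]          # TCP flag byte (CWR ECE URG ACK PSH RST SYN FIN)
    return pkt


class TcpAclEntry:
    """One 'create access-list <name> tcp ...' entry; precedence is optional as on the page."""

    def __init__(self, name, destination, dst_port, source, src_port, action, precedence=None):
        self.name = name
        self.destination = ipaddress.ip_network(destination)
        self.dst_port = dst_port            # integer port or "any"
        self.source = ipaddress.ip_network(source)
        self.src_port = src_port
        self.action = action                # "permit", "permit-established" or "deny"
        self.precedence = precedence

    def matches(self, pkt):
        if pkt["proto"] != 6 or "flags" not in pkt:
            return False
        if pkt["dst"] not in self.destination or pkt["src"] not in self.source:
            return False
        if self.dst_port != "any" and pkt["dport"] != self.dst_port:
            return False
        if self.src_port != "any" and pkt["sport"] != self.src_port:
            return False
        return True

    def decide(self, pkt):
        """Return 'permit', 'deny', or None when this entry does not apply to the packet."""
        if not self.matches(pkt):
            return None
        if self.action == "permit-established":
            # Only packets carrying ACK or RST are treated as part of an existing session
            # (assumption: a matching packet without them falls through to later entries).
            return "permit" if pkt["flags"] & (TCP_ACK | TCP_RST) else None
        return "permit" if self.action == "permit" else "deny"


def evaluate(entries, raw, default="deny"):
    """First matching entry wins; entries with a precedence number are tried first,
    lowest number first (assumption of this model), then the rest in list order."""
    pkt = parse_packet(raw)
    ordered = sorted(entries, key=lambda e: (e.precedence is None, e.precedence or 0))
    for entry in ordered:
        verdict = entry.decide(pkt)
        if verdict is not None:
            return verdict
    return default


# The entry from the text: established TCP only, to 10.1.0.0/16, from anywhere.
TCPOUT = TcpAclEntry("TCPout", "10.1.0.0/16", "any", "0.0.0.0/0", "any",
                     "permit-established", precedence=10)


def demo():
    """Run constructed packets through the entry and return the verdict per case."""
    cases = {
        "reply_syn_ack": build_packet("203.0.113.9", "10.1.5.7", 80, 51000, TCP_SYN | TCP_ACK),
        "reply_rst": build_packet("203.0.113.9", "10.1.5.7", 443, 51001, TCP_RST),
        "inbound_syn": build_packet("203.0.113.9", "10.1.5.7", 40000, 22, TCP_SYN),
        "other_dest_ack": build_packet("203.0.113.9", "10.2.0.1", 80, 51000, TCP_ACK),
        "bare_ack_probe": build_packet("198.51.100.4", "10.1.5.7", 1024, 22, TCP_ACK),
    }
    return {name: evaluate([TCPOUT], raw) for name, raw in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} {verdict}")
```

The last case is the caveat a practitioner should keep in mind: because the entry qualifies on the ACK/RST bits alone, as the text states, any packet with ACK set and a destination in 10.1.0.0/16 is permitted whether or not a session actually exists. The entry blocks new inbound connection attempts (SYN without ACK); it is not a stateful connection table.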
Adding and Deleting Access List Entries
You can add and delete entries in the access list. To add an entry, you must supply a unique name and, optionally, a unique precedence number.

To modify an existing entry, you must delete the entry and retype it, or create a new entry with a new unique name.
To delete an access list entry, use the command:
delete access-list <name>
Maximum Entries
You can use up to 255 entries with an assigned precedence. In addition to those 255 entries, you can create entries that do not use a precedence number, subject to these restrictions:
A source IP address must use wildcards or be completely
specified (32-bit mask).
The Layer 4 source and destination ports must use wildcards or be
completely specified (no ranges).
No physical source port can be specified.
Access Lists for ICMP
Access lists for ICMP (Internet Control Message Protocol) traffic are handled somewhat differently. An access list entry for ICMP is effective only for traffic routed by the switch.
ICMP traffic matched by such an entry can be either forwarded (routed) by the switch or discarded; the entry cannot assign a QoS profile.
Other included configuration options for filtering ICMP include: