Raritan Computer EMX2-111 Network Card User Manual


 
Chapter 10: Using the Command Line Interface
Policy        Description
deny          Drops traffic from the specified IP address range when the user is a member of the specified role
<insert> is one of the options: insertAbove or insertBelow.
Option        Description
insertAbove   Inserts the new rule above the specified rule number. Then: new rule's number = the specified rule number
insertBelow   Inserts the new rule below the specified rule number. Then: new rule's number = the specified rule number + 1
<rule_number> is the number of the existing rule above or below which
the new rule is inserted.
Example
The following command creates a new IPv4 role-based access control
rule and specifies its location in the list.
config:# security roleBasedAccessControl ipv4 rule add 192.168.78.50 192.168.90.100 admin deny insertAbove 3
Results:
A new IPv4 role-based access control rule is added, dropping all
packets from any IPv4 address between 192.168.78.50 and
192.168.90.100 when the user is a member of the role "admin."
The newly-added IPv4 rule is inserted above the 3rd rule. That is, the
new rule becomes the 3rd rule, and the original 3rd rule becomes the
4th rule.
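The rule numbering and range matching described above, modelled offline as an added Python example (not taken from the Raritan manual or firmware). It shows where the new rule lands, how many addresses the deny range covers, and whether a given admin source address would be dropped, which is worth checking before applying the command. The existing rule list and the role name "operator" are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    role: str
    policy: str

    def matches(self, src_ip: str, role: str) -> bool:
        # Applies only when the source is inside the inclusive range
        # AND the user is a member of the rule's role.
        return role == self.role and self.start <= ipaddress.IPv4Address(src_ip) <= self.end

    def size(self) -> int:
        # Number of addresses covered by the inclusive range.
        return int(self.end) - int(self.start) + 1

def make_rule(start, end, role, policy):
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if s > e:
        raise ValueError("start address must not be above end address")
    return Rule(s, e, role, policy)

def insert_rule(rules, new, insert, rule_number):
    """Return a new list; list index i holds rule number i + 1."""
    if not 1 <= rule_number <= len(rules):
        raise ValueError(f"no existing rule number {rule_number}")
    offsets = {"insertAbove": 0, "insertBelow": 1}
    if insert not in offsets:
        raise ValueError("insert must be insertAbove or insertBelow")
    pos = rule_number - 1 + offsets[insert]
    return rules[:pos] + [new] + rules[pos:]

def cli_command(rule, insert, rule_number):
    # Same argument order as the manual's example command.
    return (f"security roleBasedAccessControl ipv4 rule add {rule.start} {rule.end} "
            f"{rule.role} {rule.policy} {insert} {rule_number}")

# Constructed existing rule list (not from the manual): four placeholder rules.
EXISTING = [make_rule(f"10.0.{n}.1", f"10.0.{n}.254", "operator", "deny") for n in range(1, 5)]
NEW = make_rule("192.168.78.50", "192.168.90.100", "admin", "deny")

if __name__ == "__main__":
    updated = insert_rule(EXISTING, NEW, "insertAbove", 3)
    for number, rule in enumerate(updated, start=1):
        print(number, rule.start, rule.end, rule.role, rule.policy)
    print(NEW.size(), "addresses in the new deny range")
    print("admin from 192.168.80.10 dropped:", NEW.matches("192.168.80.10", "admin"))
```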
Modifying a Role-Based Access Control Rule
The command syntax varies depending on what you want to modify in an
existing rule.
IPv4 commands
To modify a rule's IPv4 address range, use this command
syntax: