Brocade Communications Systems 6650 manual Num

Extended numbered ACL configuration

The destination-ip hostname parameter specifies the destination IP host for the policy. If you want the policy to match on all destination addresses, enter any.

The icmp-type icmp-numparameter specifies the ICMP protocol type:

•This parameter applies only if you specified icmp as the ip-protocolvalue.

•If you use this parameter, the ACL entry is sent to the CPU for processing.

•If you do not specify a message type, the ACL applies to all types of ICMP messages. The icmp-numparameter can be a value from 0–255.

The icmp-typeparameter can have one of the following values, depending on the software version the device is running:

•any-icmp-type

•echo

•echo-reply

•information-request

•log

•mask-reply

•mask-request

•parameter-problem

•redirect

•source-quench

•time-exceeded

•timestamp-reply

•timestamp-request

•traffic policy

•unreachable

•num

NOTE

The QoS options listed below are only available if a specific ICMP type is specified for the icmp-typeparameter and cannot be used with the any-icmp-typeoption above.

The tcp/udp comparison operator parameter specifies a comparison operator for the TCP or UDP port number. This parameter applies only when you specify tcp or udp as the IP protocol. For example, if you are configuring an entry for HTTP, specify tcp eq http. You can enter one of the following operators:

•eq – The policy applies to the TCP or UDP port name or number you enter after eq.

•established – This operator applies only to TCP packets. If you use this operator, the policy applies to TCP packets that have the ACK (Acknowledgment) or RST (Reset) bits set on (set to “1”) in the Control Bits field of the TCP packet header. Thus, the policy applies only to established TCP sessions, not to new sessions. Refer to Section 3.1, “Header Format”, in RFC 793 for information about this field.

NOTE

This operator applies only to destination TCP ports, not source TCP ports.