OnSite 2800 Series User Manual    7 • Access control list configuration

Where the syntax is:

Keyword | Meaning
--- | ---
src | The source address to be included in the rule. An IP address in dotted-decimal format, e.g. 64.231.1.10.
src-wildcard | A wildcard for the source address. Expressed in dotted-decimal format, this value specifies which bits are significant for matching. One-bits in the wildcard indicate that the corresponding bits are ignored. An example of a valid wildcard is 0.0.0.255, which specifies a class C network.
any | Indicates that IP traffic to or from all IP addresses is to be included in the rule.
host src | The address of a single source host.
eq port | Optional. Indicates that a packet's port must be equal to the specified port in order to match the rule.
lt port | Optional. Indicates that a packet's port must be less than the specified port in order to match the rule.
gt port | Optional. Indicates that a packet's port must be greater than the specified port in order to match the rule.
range from to | Optional. Indicates that a packet's port must be equal to or greater than the specified from port and less than the specified to port in order to match the rule.
dest | The destination address to be included in the rule. An IP address in dotted-decimal format, e.g. 64.231.1.10.
dest-wildcard | A wildcard for the destination address. See src-wildcard.
host dest | The address of a single destination host.
cos | Optional. Specifies that packets matched by this rule belong to a certain Class of Service (CoS). For a detailed description of CoS configuration refer to chapter 8, "Link scheduler configuration" on page 93.
cos-rtp | Optional. Specifies that the rule is intended to filter RTP/RTCP packets. In this mode you can specify different CoS groups for data packets (even port numbers) and control packets (odd port numbers). Note: this option is only valid when protocol UDP is selected.
group | CoS group name.
group-data | CoS group name for RTP data packets. Only valid when the rtp option has been specified.
group-ctrl | CoS group name for RTCP control packets. Only valid when the rtp option has been specified.

Example: Create TCP or UDP access control list entries

Select the access-list profile named WanRx and create the rules for:

Permitting any TCP traffic to host 193.14.2.10 via port 80, and permitting UDP traffic from host 62.1.2.3 to host 193.14.2.11 via any port in the range from 1024 to 2048.

2800(cfg)#profile acl WanRx
2800(pf-acl)[WanRx]#permit tcp any host 193.14.2.10 eq 80
2800(pf-acl)[WanRx]#permit udp host 62.1.2.3 host 193.14.2.11 range 1024 2048
2800(pf-acl)[WanRx]#exit
2800(cfg)#
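To check what a rule set like WanRx actually admits before it goes on a WAN interface, the following added example (not from the manual or Patton's software) parses rules in the syntax listed above and evaluates them against sample packets. It implements the wildcard semantics exactly as the table states them (one-bits are ignored) and the manual's stated range semantics (from inclusive, to exclusive); it assumes a port operator placed after the source address applies to the source port, that the first matching rule decides, and that unmatched traffic is denied.

```python
import ipaddress

def ip_matches(addr, base, wildcard):
    """Wildcard semantics from the manual: one-bits in the wildcard mark ignored bits."""
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def _address(tokens):
    # Address forms from the syntax table: 'any' | 'host A' | 'A WILDCARD'
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

def _port(tokens):
    # Optional port operator: eq/lt/gt PORT | range FROM TO ("from <= port < to" per the manual)
    if tokens and tokens[0] in ("eq", "lt", "gt"):
        n = int(tokens[1])
        return {"eq": lambda p: p == n, "lt": lambda p: p < n, "gt": lambda p: p > n}[tokens[0]], tokens[2:]
    if tokens and tokens[0] == "range":
        lo, hi = int(tokens[1]), int(tokens[2])
        return (lambda p: lo <= p < hi), tokens[3:]
    return (lambda p: True), tokens

def parse_rule(line):
    """Parse 'permit|deny PROTO SRC [PORT-OP] DEST [PORT-OP]' into a dict of matchers."""
    tokens = line.split()
    src, src_wc, rest = _address(tokens[2:])
    sport, rest = _port(rest)   # assumption: an operator after the source matches the source port
    dst, dst_wc, rest = _address(rest)
    dport, _ = _port(rest)      # an operator after the destination matches the destination port
    return {"action": tokens[0], "proto": tokens[1], "src": (src, src_wc),
            "sport": sport, "dst": (dst, dst_wc), "dport": dport}

def evaluate(rules, proto, sip, sport, dip, dport):
    """First matching rule decides; assumption: traffic matching no rule is denied."""
    for r in rules:
        if (r["proto"] == proto and ip_matches(sip, *r["src"]) and ip_matches(dip, *r["dst"])
                and r["sport"](sport) and r["dport"](dport)):
            return r["action"]
    return "deny"

# Constructed rule set, copied from the manual's WanRx example above
WANRX = [parse_rule(l) for l in (
    "permit tcp any host 193.14.2.10 eq 80",
    "permit udp host 62.1.2.3 host 193.14.2.11 range 1024 2048",
)]
```

Note that under the manual's wording a UDP packet to port 2048 falls outside `range 1024 2048`, which is easy to miss when reading the rule as an inclusive range.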

Access control list configuration task list

88
