Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

config

Use the config command to configure an existing exception filter. The config command is available from the topology:<named-topology>:l3:exceptions context of the CLI for b@ac, physical, and routed topologies.

config pos proto {udp|tcp|ah|esp|none|icmp|gre|0-255} A.B.C.D/0-32 [(port 0-65535[ 0-65535])|(type 0-255 [0-255])] in (none|src|dst|both) (allow|deny)

Parameters

pos Specifies a position value for this filter in the filter list. Valid values are from 0–255.
proto {udp|tcp|ah|esp|none |icmp|gre|0-255} Specifies the protocol for this filter rule by number or name. Valid number values are from 0–255. Valid name values are:
  • udp - UDP protocol
  • tcp - TCP protocol
  • ah - Authentication Header protocol
  • esp - Encapsulating Security Payload protocol
  • none - No protocols
  • icmp - ICMP protocol
  • gre - Generic Route Encapsulation protocol
A.B.C.D/0-32 Specifies the IPv4 IP address and mask.
(port 0-65535[ 0-65535]) Specifies a TCP or UDP port or port range to which this filter rule will be applied. The first value specifies either the port or the start of a port range. The second value optionally specifies the end of a port range. This parameter is only valid when either TCP or UDP is the specified protocol. Valid port values are from 0–65535.
(type 0-255 [0-255]) Specifies an ICMP type or range of ICMP types. This parameter is only valid when ICMP is the specified protocol. Valid values are from 0–255.
in (none|src|dst|both) Specifies the direction of packet flow — in specifies a packet flow from the AP to the AC.

none specifies that the in direction will not be used as matching criteria in the filter rule.

dst specifies that the IP address for this filter rule is the destination of the packet flow.

src specifies that the IP address for this filter rule is the source of the packet flow.

both specifies that the IP address for this filter rule can be either source or destination.
(allow|deny) Specifies whether packets will be allowed or denied when meeting the criteria specified in the filter rule.

Usage

If the specified exception filter position already contains an exception filter, the config command overwrites the existing exception filter. Use the create command to insert or append an exception filter at the specified position.

Example

The following example modifies an existing filter:

EWC.extremenetworks.com:topology:r1:l3:exceptions# config 2 proto tcp 1.1.1.1/32 port 80 in dst allow
Published December 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page