create

Use the create command to create an exception filter. The create command is available from the topology:<named-topology>:l3:exception context of the CLI for b@ac, physical, and routed topologies.

create pos proto {udp|tcp|ah|esp|none|icmp|gre|0-255} A.B.C.D/0-32 [(port 0-65535[ 0-65535])|(type 0-255 [0-255])] in (none|src|dst|both) (allow|deny)

Parameters

pos Specifies a position value for this filter in the filter list. Valid values are from 0–255.
proto {udp|tcp|ah|esp|none|icmp|gre|0-255} Specifies the protocol for this filter rule by number or name. Valid number values are from 0–255. Valid name values are:
  • udp - UDP protocol
  • tcp - TCP protocol
  • ah - Authentication Header protocol
  • esp - Encapsulating Security Payload protocol
  • none - No protocols
  • icmp - ICMP protocol
  • gre - Generic Routing Encapsulation protocol
A.B.C.D/0-32 Specifies the IPv4 address and mask.
(port 0-65535[ 0-65535]) Specifies a TCP or UDP port or port range to which this filter rule will be applied. The first value specifies either the port or the start of a port range. The second value optionally specifies the end of a port range. This parameter is only valid when either TCP or UDP is the specified protocol. Valid port values are from 0–65535.
(type 0-255 [0-255]) Specifies an ICMP type or range of ICMP types. This parameter is only valid when ICMP is the specified protocol. Valid values are from 0–255.
in (none|src|dst|both) Specifies the direction of packet flow. in specifies a packet flow from the AP to the AC. Valid values are:
  • none - the in direction will not be used as matching criteria in the filter rule
  • dst - the IP address for this filter rule is the destination of the packet flow
  • src - the IP address for this filter rule is the source of the packet flow
  • both - the IP address for this filter rule can be either source or destination

(allow|deny) Specifies whether packets will be allowed or denied when meeting the criteria specified in the filter rule.

Usage

If the specified position already contains an exception filter, this command inserts the new exception filter at that position in the list and resequences all filters below it down by one position. Use the create command to insert or append a rule at the specified position.

Example

The following example creates an exception filter:

EWC.extremenetworks.com:topology:r1:l3:exceptions# create 2 proto tcp 1.1.1.1/32 port 80 in dst deny
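
The parameter rules and the insert-and-resequence behavior described under Usage, modeled offline as an added Python example (not Extreme Networks code and not part of the original page). The names parse_create and insert_filter are hypothetical; the low-to-high range check and the error past position 255 are assumptions the page does not state.

```python
import ipaddress
NAMED = {"udp", "tcp", "ah", "esp", "none", "icmp", "gre"}
LIMIT = {"port": 65535, "type": 255}                # upper bound per qualifier keyword
NEEDS = {"port": {"tcp", "udp"}, "type": {"icmp"}}  # protocols each qualifier is valid with

def parse_create(line):
    """Validate one 'create' line against the documented syntax; return a dict."""
    tok = line.split()
    if len(tok) < 8 or tok[0] != "create" or tok[2] != "proto":
        raise ValueError("expected: create pos proto <proto> A.B.C.D/len [...] in <dir> <action>")
    pos, proto, rest = int(tok[1]), tok[3], tok[5:]
    if not 0 <= pos <= 255:
        raise ValueError("pos must be 0-255")
    if proto not in NAMED and not (proto.isdigit() and int(proto) <= 255):
        raise ValueError(f"bad protocol {proto!r}")
    if not tok[4].partition("/")[2].isdigit():
        raise ValueError("address must be A.B.C.D/0-32")
    net = ipaddress.IPv4Network(tok[4], strict=False)  # raises ValueError if malformed
    kind, values = None, ()
    if rest[0] in LIMIT:
        kind, end = rest[0], rest.index("in")  # ValueError if 'in' is missing
        values = tuple(int(v) for v in rest[1:end])
        if proto not in NEEDS[kind]:  # numeric protocol values are not mapped to names here
            raise ValueError(f"'{kind}' is only valid with {sorted(NEEDS[kind])}")
        if len(values) not in (1, 2) or any(not 0 <= v <= LIMIT[kind] for v in values):
            raise ValueError(f"{kind} takes one or two values in 0-{LIMIT[kind]}")
        if values != tuple(sorted(values)):  # assumption: a range runs low to high
            raise ValueError("range start is greater than range end")
        rest = rest[end:]
    if len(rest) != 3 or rest[0] != "in" or rest[1] not in {"none", "src", "dst", "both"} \
            or rest[2] not in {"allow", "deny"}:
        raise ValueError("expected: in (none|src|dst|both) (allow|deny)")
    return {"pos": pos, "proto": proto, "net": net, "kind": kind,
            "values": values, "dir": rest[1], "action": rest[2]}

def insert_filter(filters, rule):
    """Return a new {pos: rule} map after inserting rule as the Usage text describes."""
    out = {}
    occupied = rule["pos"] in filters
    for p, r in filters.items():
        new_p = p + 1 if occupied and p >= rule["pos"] else p  # occupied slot: push down by one
        if new_p > 255:  # assumption: the page does not say what happens past position 255
            raise ValueError("insert would push a filter past position 255")
        out[new_p] = dict(r, pos=new_p)
    out[rule["pos"]] = rule
    return dict(sorted(out.items()))

if __name__ == "__main__":  # the page's own example line
    print(parse_create("create 2 proto tcp 1.1.1.1/32 port 80 in dst deny"))
```

Running planned lines through the model before entering them at the CLI shows which existing positions an insert will shift.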