Extreme Networks ExtremeWare Command Specifications Page 118

118 ExtremeWare XOS 10.1 Concepts Guide
Security
        source-address 10.203.134.0/24;
        destination-address 140.158.18.16/32;
        protocol udp;
        source-port 190;
        destination-port 1200-1400;
    } then {
        accept;
    }
}
The following rule entry accepts TCP packets from the 10.203.134.0/24 subnet that have a source port
greater than 190 and the ACK and SYN bits set, and also increments the counter tcpcnt:
entry tcpacl {
    if {
        source-address 10.203.134.0/24;
        protocol TCP;
        source-port >190;
        tcp-flags syn_ack;
    } then {
        accept;
        count tcpcnt;
    }
}
The following example denies ICMP echo request packets from the 10.203.134.0/24 subnet, and
increments the counter icmpcnt:
entry icmp {
    if {
        source-address 10.203.134.0/24;
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
        count icmpcnt;
    }
}
The following entry denies every packet and increments the counter default:
entry default {
    if {
    } then {
        deny;
        count default;
    }
}
Using Access Lists on the Switch
Once the access list file is on the switch, it can be checked to see if it is syntactically correct. Since an
ACL is a type of policy, use the following command to check the ACL syntax:
check policy <policy-name>