Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 751 to Favourites
    image text
    Enable zoom 
    							ASSOCIATION-ACL-POLICY 11 - 5
11.1.2 no
association-acl-policy
Negates a command or sets its default
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
no [deny|permit]
no deny  precedence 
no deny   precedence 
no permit  precedence 
no permit   precedence 
Parameters
• deny  precedence 
• deny   precedence 
no deny Removes a single device or a set of devices from the deny list
 To remove a single device, enter its MAC address in the  parameter.
precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence 
value.
  – Specify the value from 1 - 1000.
no deny Removes a single device or a set of devices from the deny list
To remove a set of devices, enter the range of MAC addresses.
 Specify the first MAC address in the range.
 Specify the last MAC address in the range.
precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence 
value.
  – Specify a value from 1 - 1000.
    Add page 752 to Favourites
    image text
    Enable zoom 
    							11 - 6 WiNG CLI Reference Guide
• no permit  precedence 
• no permit   precedence 
Examples
rfs7000-37FABE(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 deny 11-22-33-44-56-01 11-22-33-44-56-01 precedence 160
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
 permit 11-22-33-44-67-01 11-22-33-44-67-01 precedence 180
rfs7000-37FABE(config-assoc-acl-test)#no deny 11-22-33-44-56-01 precedence 160
rfs7000-37FABE(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
 permit 11-22-33-44-67-01 11-22-33-44-67-01 precedence 180
rfs7000-37FABE(config-assoc-acl-test)#no  permit 11-22-33-44-67-01 11-22-33-44-67-01 
precedence 180
rfs7000-37FABE(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
Related Commands
no permit Removes a single device or a set of devices from the permit list
 To remove a single device, enter its MAC address in the  parameter.
precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence 
value.
  – Specify a value from 1 - 1000.
no permit Removes a single device or a set of devices from the permit list
To remove a set of devices, enter the range of MAC addresses.
 Specify the first MAC address in the range.
 Specify the last MAC address in the range.
precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence 
value.
  – Specify a value from 1 - 1000.
denyAdds a device or a set of devices to the deny list
permitAdds a device or a set of devices to the permit list
    Add page 753 to Favourites
    image text
    Enable zoom 
    							ASSOCIATION-ACL-POLICY 11 - 7
11.1.3 permit
association-acl-policy
Specifies devices permitted access to the wireless controller managed network. Devices are permitted access based on 
their MAC address. A single MAC address or a range of MAC addresses can be specified. This command also sets the 
precedence on how permit list rules are applied. Up to a thousand (1000) deny rules can be defined.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
permit  [|precedence]
permit  precedence 
permit   precedence 
Parameters
• permit  precedence 
• permit   precedence 
permit Adds a single device or a set of devices to the permit list
 To add a single device, enter its MAC address in the  parameter.
precedence  Sets a rule precedence. Rules are checked in an increasing order of precedence value
  – Specify a value from 1 - 1000. 
permit Adds a single device or a set of devices to the permit list
To add a set of devices, provide the range of MAC addresses.
 Specify the first MAC address of the range.
 Specify the last MAC address of the range.
precedence  Sets a rule precedence. Rules are checked in an increasing order of precedence 
value.
  – Specify a value from 1 - 1000.
    Add page 754 to Favourites
    image text
    Enable zoom 
    							11 - 8 WiNG CLI Reference Guide
Examples
rfs7000-37FABE(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 deny 11-22-33-44-56-01 11-22-33-44-56-01 precedence 160
rfs7000-37FABE(config-assoc-acl-test)#
rfs7000-37FABE(config-assoc-acl-test)# permit 11-22-33-44-66-01 11-22-33-44-66-FF 
precedence 170
rfs7000-37FABE(config-assoc-acl-test)# permit 11-22-33-44-67-01 precedence 180
rfs7000-37FABE(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 deny 11-22-33-44-56-01 11-22-33-44-56-01 precedence 160
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
 permit 11-22-33-44-67-01 11-22-33-44-67-01 precedence 180
Related Commands
noRemoves a device or a set of devices from the permit list
    Add page 755 to Favourites
    image text
    Enable zoom 
    							CHAPTER 12 ACCESS-LIST
This chapter summarizes IP and MAC access list commands in detail.
Access lists control access to the network using a set of rules. Each rule specifies an action taken when a packet matches 
a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed. The controller 
supports the following ACLs:
 IP access lists
 MAC access lists
Use IP and MAC commands under the global configuration to create an access list.
 When the access list is applied on an Ethernet port, it becomes a port ACL
 When the access list is applied on a VLAN interface, it becomes a router ACL
Use the (config) instance to configure access list commands. To navigate to the (config-access-list) instance, use the 
following commands:
ip-access-list
rfs7000-37FABE(config)#ip access-list test
rfs7000-37FABE(config-ip-acl-acl)#?
ACL Config commands:
  deny     Specify packets to reject
  no       Negate a command or set its defaults
  permit   Specify packets to forward
  clrscr   Clears the display screen
  commit   Commit all changes made in this session
  end      End current mode and change to EXEC mode
  exit     End current mode and down to previous mode
  help     Description of the interactive help system
  revert   Revert changes
  service  Service Commands
  show     Show running system information
  write    Write running configuration to memory or terminal
rfs7000-37FABE(config-ip-acl-acl)#
    Add page 756 to Favourites
    image text
    Enable zoom 
    							12 - 2 WiNG CLI Reference Guide
mac-access-list
rfs7000-37FABE(config)#mac access-list test
rfs7000-37FABE(config-mac-acl-test)#?
MAC Extended ACL Config commands:
  deny     Specify packets to reject
  no       Negate a command or set its defaults
  permit   Specify packets to forward
  clrscr   Clears the display screen
  commit   Commit all changes made in this session
  end      End current mode and change to EXEC mode
  exit     End current mode and down to previous mode
  help     Description of the interactive help system
  revert   Revert changes
  service  Service Commands
  show     Show running system information
  write    Write running configuration to memory or terminal
rfs7000-37FABE(config-mac-acl-test)#
    Add page 757 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 3
12.1 ip-access-list
ACCESS-LIST
Table 12.1 summarizes commands under the IP access list mode
Table 12.1IP Access List commands
Command Description Reference
denySpecifies packets to rejectpage 12-4
noNegates a command or sets its defaultpage 12-9
permitPermits specific packetspage 12-15
clrscrClears the display screenpage 5-3
commitCommits (saves) changes made in the current sessionpage 5-4
doRuns commands from EXEC modepage 4-66
endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5
exitEnds the current mode and moves to the previous modepage 5-6
helpDisplays the interactive help systempage 5-7
revertReverts changes to their last saved configurationpage 5-13
serviceInvokes service commands to troubleshoot or debug 
(config-if) 
instance configurationspage 5-14
showDisplays running system informationpage 6-4
writeWrites information to memory or terminalpage 5-42
    Add page 758 to Favourites
    image text
    Enable zoom 
    							12 - 4 WiNG CLI Reference Guide
12.1.1 deny
ip-access-list
Specifies packets to reject
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
deny [icmp|ip|proto|tcp|udp]
deny ip [|any|host ] [|any|host ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
deny icmp [|any|host ] [|
any|host ]   [log rule-precedence |
rule-precedence ] {rule-description }
deny proto [||eigrp|gre|igmp|igp|ospf|vrrp] 
[|any|host ] [|any|host ] 
[log rule-precedence |rule-precedence ] 
{rule-description }]
deny [tcp|udp] [|any|host ] [eq |range  
] [|any|host ] 
[eq [|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range  ] 
[log rule-precedence |rule-precedence ] 
{rule-description }]
Parameters
• deny icmp [|any|host ] [|
any|host ]   [log rule-precedence |
rule-precedence ] {rule-description }
NOTE: Use a decimal value representation to implement a permit/deny designation 
for a packet. The command set for IP ACLs provides the hexadecimal values for each 
listed EtherType. The wireless controller supports all EtherTypes. Use the decimal 
equivalent of the EtherType listed for any other EtherType.
icmp Configures the ACL for Internet Control Message Protocol (ICMP) packets
 Sets the IP address and mask as the source to deny access
    Add page 759 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 5
• deny ip [|any|host ] [|any|host ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
any Identifies all devices as the source to deny access
host  Identifies a specific host as the source to deny access
  – Specify the host IP address.
 Sets the IP address and mask as the destination to deny access
any Identifies all devices as the destination to deny access
host  Identifies a specific host as the destination to deny access
  – Specify the host IP address.
 Defines the ICMP packet type
For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an 
ECHO.
 Defines the ICMP message type
For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates 
“Host Unreachable”, and code 3 indicates “Port Unreachable.”
log Logs all deny events
rule-precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Defines the rule description
  – Provide a description of the rule. The description should not 
exceed 128 characters.
ip Configures the ACL for IP packets
 Sets the IP address and mask as the source to deny access
any Identifies all devices as the source to deny access
host  Identifies a specific host as the source to deny access
  – Specify the host IP address.
 Sets the IP address and mask as the destination to deny access
any Identifies all devices as the destination to deny access
host  Identifies a specific host as the destination to deny access
  – Specify the host IP address.
log Logs all deny events
    Add page 760 to Favourites
    image text
    Enable zoom 
    							12 - 6 WiNG CLI Reference Guide
• deny proto [||eigrp|gre|igmp|igp|ospf|vrrp] 
[|any|host ] [|any|host ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
• deny [tcp|udp] [|any|host ] [eq |
range  ] [|any|host ] 
rule-precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Defines the rule description
  – Provide a description of the rule. The description should not 
exceed 128 characters.
proto Configures the ACL for additional protocols
Additional protocols (other than IP, ICMP, TCP, and UDP) must be configured using this 
parameter
 Filters protocols using their Internet Assigned Numbers Authority (IANA) protocol 
number
 Filters protocols using their IANA protocol name
eigrp Identifies the Enhanced Internet Gateway Routing Protocol (EIGRP) protocol
gre Identifies the General Routing Encapsulation (GRE) protocol
igmp Identifies the Internet Group Management Protocol (IGMP) protocol
igp Identifies any private internal gateway (primarily used by CISCO for their IGRP)
ospf Identifies the Open Shortest Path First (OSPF) protocol
vrrp Identifies the Virtual Router Redundancy Protocol (VRRP) protocol
 Sets the IP address and mask as the source to deny access
any Identifies all devices as the source to deny access
host  Identifies a specific host as the source to deny access
  – Specify the host IP address.
 Sets the IP address and mask as the destination to deny access
any Identifies all devices as the destination to deny access
host  Identifies a specific host as the destination to deny access
  – Specify the host IP address.
log Logs all deny events
rule-precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description should 
not exceed 128 characters.
    All Motorola manuals Comments (0)