Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 761 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 7
[eq [|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range  ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
tcp Configures the ACL for TCP packets
udp Configures the ACL for UDP packets
 Sets the IP address and mask as the source to deny access
any Identifies all devices as the source to deny access
host  Identifies a specific host as the source to deny access
  – Specify the host IP address.
eq  Identifies a specific source port
  – Specify the source port.
range  
Specifies the source port range
  – Specify the start in the port range.
  – Specify the end in the port range.
 Sets the IP address and mask as the destination to deny access
any Identifies all devices as the destination to deny access
host  Identifies a specific host as the destination to deny access
  – Specify the host IP address.
eq [
|bgp|dns|ftp|ftp-data|gopher|
https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]Identifies a specific destination or protocol port
  – The destination port designated by its number
 bgp – The designated BGP protocol port
 dns – The designated DNS protocol port
 ftp – The designated FTP protocol port
 ftp-data – The designated FTP data port
 gropher – The designated GROPHER protocol port
 https – The designated HTTPS protocol port
 ldap – The designated LDAP protocol port
 nntp – The designated NNTP protocol port
 ntp – The designated NTP protocol port
 pop3 – The designated POP3 protocol port
 smtp – The designated SMTP protocol port
 ssh – The designated SSH protocol port
 telnet – The designated Telnet protocol port
 tftp – The designated TFTP protocol port
 www – The designated www protocol port
range  
Specifies the destination port range
  – Specify the start in the port range.
  – Specify the end in the port range.
    Add page 762 to Favourites
    image text
    Enable zoom 
    							12 - 8 WiNG CLI Reference Guide
Usage Guidelines
Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list 
configuration. The following protocols are supported:



 udp
 proto
The last ACE in the access list is an implicit deny statement.
Whenever the interface receives the packet, its content is checked against the ACEs in the ACL. It is allowed/denied based 
on the ACL configuration.
 Filtering TCP/UDP allows the user to specify port numbers as filtering criteria
 Select ICMP as the protocol to allow/deny ICMP packets. Selecting ICMP provides the option of filtering ICMP 
packets based on ICMP type and code
Examples
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
rfs7000-37FABE(config-ip-acl-test)#deny proto vrrp any any log rule-precedence 600
rfs7000-37FABE(config-ip-acl-test)#deny proto ospf any any log rule-precedence 650
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
 deny proto vrrp any any log rule-precedence 600
 deny proto ospf any any log rule-precedence 650
Related Commands
log Logs all deny events
rule-precedence  Sets the rule precedence. Rules are checked in an increasing order of precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description should 
not exceed 128 characters.
NOTE: The log option is functional only for router ACL’s. The log option displays an 
informational logging message about the packet that matches the entry sent to the 
console.
noResets values or disables IP access deny command
    Add page 763 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 9
12.1.2 no
ip-access-list
Negates a command or sets its default
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
no [deny|permit]
no [deny|permit] [icmp|ip|prpto|tcp|udp]
no [deny|permit] icmp [|any|host ] [|any|
host ]   (log,mark [8021p |dscp ],
rule-precedence ) {rule-description }
no [deny|permit] ip [|any|host ] [|any|
host ] (log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
no [deny|permit] proto [||eigrp|gre|igmp|igp|
ospf|vrrp] [|any|host ] [|any|host ] 
(log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
no [deny|permit] [tcp|udp] [|any|host ] [eq |
range  ] [|any|host ] 
[eq [|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range  ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
Parameters
• no [deny|permit] icmp [|any|host ] [|
any|host ]   (log,mark [8021p |dscp ],
rule-precedence ) {rule-description }
no deny Removes a deny rule
no permit Removes a permit rule
icmp Removes the ACL for ICMP packets
 Sets the IP address and mask as the source to permit/deny access
    Add page 764 to Favourites
    image text
    Enable zoom 
    							12 - 10 WiNG CLI Reference Guide
• no [deny|permit] ip [|any|host ] [|any|
host ] (log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
any Identifies all devices as the source to permit/deny access
host  Identifies a specific host as the source to permit/deny access
  – Specify the host IP address.
 Sets the IP address and mask as the destination to permit/deny access
any Identifies all devices as the destination to permit/deny access
host  Identifies a specific host as the destination to permit/deny access
  – Specify the host IP address.
 Defines the ICMP packet type
For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it 
is an ECHO
 Defines the ICMP message type
For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 
indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.”
log Logs all permit/deny events
mark [8021p |dscp  Marks each packet that matches the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description 
should not exceed 128 characters.
no deny Removes a deny rule
no permit Removes a permit rule
ip Removes the ACL for IP packets
 Sets the IP address and mask as the source to permit/deny access
any Identifies all devices as the source to permit/deny access
host  Identifies a specific host as the source to permit/deny access
  – Specify the host IP address.
 Sets the IP address and mask as the destination to permit/deny access
any Identifies all devices as the destination to permit/deny access
host  Identifies a specific host as the destination to permit/deny access
  – Specify the host IP address.
    Add page 765 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 11
• no [deny|permit] proto [||eigrp|gre|igmp|igp|
ospf|vrrp] [|any|host ] [|any|
host ] (log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
log Logs all permit/deny events
mark [8021p |dscp  Marks packets that match the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description 
should not exceed 128 characters.
no deny Removes a deny rule
no permit Removes a permit rule
proto Removes ACLs for additional protocols
Additional protocols (other than IP, ICMP, TCP, and UDP) must be removed using this 
parameter
 Identifies an IANA protocol number
 Identifies an IANA protocol name
eigrp Identifies the EIGRP protocol
gre Identifies the GRE protocol
igmp Identifies the IGMP protocol
igp Identifies any private internal gateway (primarily used by CISCO for their IGRP)
ospf Identifies the OSPF protocol
vrrp Identifies the VRRP protocol
 Sets the IP address and mask as the source to permit/deny access
any Identifies all devices as the source to permit/deny access
host  Identifies a specific host as the source to permit/deny access
  – Specify the host IP address.
 Sets the IP address and mask as the destination to permit/deny access
any Identifies all devices as the destination to permit/deny access
host  Identifies a specific host as the destination to permit/deny access
  – Specify the host IP address.
log Logs all permit/deny events
    Add page 766 to Favourites
    image text
    Enable zoom 
    							12 - 12 WiNG CLI Reference Guide
• no [deny|permit] [tcp|udp] [|any|host ] [eq |
range  ] [|any|host ] 
[eq [|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range  ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
mark [8021p |dscp  Marks packets that match the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description should 
not exceed 128 characters.
no deny Removes a deny rule
no permit Removes a permit rule
tcp Removes the ACL for TCP packets
udp Removes the ACL for UDP packets
 Sets the IP address and mask as the source to permit/deny access
any Identifies all devices as the source to permit/deny access
host  Identifies a specific host as the source to permit/deny access
  – Specify the host IP address
eq  Identifies a specific source port
  – Specify the source port
range  
Identifies the source port range
  – Specify the start of the range.
  – Specify the end of the range.
 Sets the IP address and mask as the destination to permit/deny access
any Identifies all devices as the destination to permit/deny access
host  Identifies a specific host as the destination to permit/deny access
  – Specify the host IP address.
    Add page 767 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 13
Usage Guidelines
Removes an access list control entry. Provide the rule-precedence value when using the no command.
Examples
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
 deny proto vrrp any any log rule-precedence 600
 deny proto ospf any any log rule-precedence 650
 permit ip 172.16.10.0/24 any log rule-precedence 750
 permit tcp 172.16.10.0/24 any log rule-precedence 800
rfs7000-37FABE(config-ip-acl-test)#no permit ip 172.16.10.0/24 any log rule-
precedence 750
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
 deny proto vrrp any any log rule-precedence 600
 deny proto ospf any any log rule-precedence 650
 permit tcp 172.16.10.0/24 any log rule-precedence 800
eq [
|bgp|dns|ftp|ftp-data|gopher|
https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]Identifies a specific destination or protocol port
  – The destination port designated by its number
 bgp – The designated BGP protocol port
 dns – The designated DNS protocol port
 ftp – The designated FTP protocol port
 ftp-data – The designated FTP data port
 gropher – The designated GROPHER protocol port
 https – The designated HTTPS protocol port
 ldap – The designated LDAP protocol port
 nntp – The designated NNTP protocol port
 ntp – The designated NTP protocol port
 pop3 – The designated POP3 protocol port
 smtp – The designated SMTP protocol port
 ssh – The designated SSH protocol port
 telnet – The designated Telnet protocol port
 tftp – The designated TFTP protocol port
 www – The designated www protocol port
range  
Identifies the destination port range
  – Specify the start of the range.
  – Specify the end of the range.
log Logs all permit/deny events
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description should 
not exceed 128 characters.
    Add page 768 to Favourites
    image text
    Enable zoom 
    							12 - 14 WiNG CLI Reference Guide
Related Commands
denyCreates a deny ACL
permitCreates a permit ACL
    Add page 769 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 15
12.1.3 permit
ip-access-list
Permits specific packets
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
permit [icmp|ip|proto|tcp|udp
permit icmp [|any|host ] [|any|host ] 
  (log,mark [8021p |dscp ],
rule-precedence ) {rule-description }
permit ip [|any|host ] [|any|host ] 
(log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
permit proto [||eigrp|gre|igmp|igp|ospf|vrrp] 
[|any|host ] [|any|host ] 
(log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
permit [tcp|udp] [|any|host ] [eq |
range  ] [|any|host ] 
[eq [|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range  ] 
[log rule-precedence |rule-precedence ] 
{rule-description }
NOTE: Use a decimal value representation to implement a permit/deny designation 
for a packet. The command set for IP ACLs provide the hexadecimal values for each 
listed EtherType. The controller supports all EtherTypes. Use the decimal equivalent of 
the EtherType listed for any other EtherType.
    Add page 770 to Favourites
    image text
    Enable zoom 
    							12 - 16 WiNG CLI Reference Guide
Parameters
• permit icmp [|any|host ] [|any|
host ]   (log,mark [8021p |dscp ],
rule-precedence ) {rule-description }
• permit ip [|any|host ] [|any|host ] 
(log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
icmp Configures an ACL for ICMP packets
 Sets the IP address and mask as the source to permit access
any Permits traffic from all potential sources
host  Permits traffic from a specific host
  – Specify the host IP address.
 Sets the IP address and mask as the destination to permit access
any Permits traffic to all destinations
host  Permits traffic to a specific host
  – Specify the host IP address.
 Defines the ICMP packet type
For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it 
is an ECHO
 Defines the ICMP message type
For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 
indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.”
log Logs all permit events
mark [8021p |dscp  Marks packets that match the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description 
should not exceed 128 characters.
ip Configures an ACL for IP packets
 Sets the IP address and mask as the source to permit access
any Permits traffic from all potential sources
host  Permits traffic from a specific host
  – Specify the host IP address.
 Sets the IP address and mask as the destination to permit access
    All Motorola manuals Comments (0)