Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 771 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 17
• permit proto [||eigrp|gre|igmp|igp|ospf|vrrp] 
[|any|host ] [|any|host ] 
(log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
any Permits traffic to all destinations
host  Permits traffic to a specific host
  – Specify the host IP address.
log Logs all permit events
mark [8021p |dscp  Marks packets that match the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description 
should not exceed 128 characters.
proto Configures an ACL for additional protocols
Other protocols (other than IP, ICMP, TCP, and UDP) must be configured using this 
parameter.
 Filters protocols using their IANA protocol number
 Filters protocols using their IANA protocol name
eigrp Identifies the EIGRP protocol
gre Identifies the GRE protocol
igmp Identifies the IGMP protocol
igp Identifies any private internal gateway (primarily used by CISCO for their IGRP)
ospf Identifies the OSPF protocol
vrrp Identifies the VRRP protocol
 Sets the IP address and mask as the source to permit access
any Permits traffic from all potential sources
host  Permits traffic from a specific host
  – Specify the host IP address.
 Sets the IP address and mask as the destination to permit access
any Permits traffic to all destinations
host  Permits traffic to a specific host
  – Specify the host IP address.
    Add page 772 to Favourites
    image text
    Enable zoom 
    							12 - 18 WiNG CLI Reference Guide
• permit [tcp|udp] [|any|host ] [eq |
range  ] [|any|host ] 
[eq [|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range  ] 
(log,mark [8021p |dscp ],rule-precedence ) 
{rule-description }
log Logs all permit events
mark [8021p |dscp  Marks packets that match the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description 
should not exceed 128 characters.
tcp Configures the ACL for TCP packets
udp Configures the ACL for UDP packets
 Sets the IP address and mask as the source to permit access
any Permits traffic from all potential sources
host  Permits traffic from a specific host
  – Specify the host IP address.
eq  Identifies the source port
  – Specify the source port.
range  
Identifies the source port range
  – Specify the start of the range.
  – Specify the end of the range.
 Sets the IP address and mask as the destination to permit access
any Permits traffic to all destinations
host  Permits traffic to a specific host
  – Specify the host IP address.
    Add page 773 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 19
eq [
|bgp|dns|ftp|ftp-data|gopher|
https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]Identifies a specific destination or protocol port
  – The destination port designated by its number
 bgp – The designated BGP protocol port
 dns – The designated DNS protocol port
 ftp – The designated FTP protocol port
 ftp-data – The designated FTP data port
 gropher – The designated GROPHER protocol port
 https – The designated HTTPS protocol port
 ldap – The designated LDAP protocol port
 nntp – The designated NNTP protocol port
 ntp – The designated NTP protocol port
 pop3 – The designated POP3 protocol port
 smtp – The designated SMTP protocol port
 ssh – The designated SSH protocol port
 telnet – The designated Telnet protocol port
 tftp – The designated TFTP protocol port
 www – The designated www protocol port
range  
Identifies the destination port range
  – Specify the start of the range.
  – Specify the end of the range.
log Logs all permit events
mark [8021p |dscp  Marks packets that match the ACL rule
 8021p  – Modifies 802.1p VLAN user priority from 0 - 7
 dscp  – Modifies DSCP TOS bits in the IP header from 0 - 63
rule-precedence  Sets the rule precedence. Rules are checked in the order of their rule precedence
  – Specify the rule precedence from 1 - 5000.
rule-description 
Optional. Sets the rule description
  – Provide a description of the rule. The description 
should not exceed 128 characters.
    Add page 774 to Favourites
    image text
    Enable zoom 
    							12 - 20 WiNG CLI Reference Guide
Usage Guidelines
Use this command to permit traffic between networks/hosts based on the protocol type selected in the access list. The 
following protocols are supported:



 udp
 proto
The last ACE in the access list is an implicit deny statement. 
Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed based on 
the ACL configuration.
 Filtering on TCP/UDP allows the user to specify port numbers as filtering criteria 
 Select ICMP to allow/deny packets
 Selecting ICMP allows the filter of ICMP packets based on type and node.
Examples
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
 deny proto vrrp any any log rule-precedence 600
 deny proto ospf any any log rule-precedence 650
rfs7000-37FABE(config-ip-acl-test)#permit ip 172.16.10.0/24 any log rule-precedence 
750
rfs7000-37FABE(config-ip-acl-test)#permit tcp 172.16.10.0/24 any log rule-precedence 
800
rfs7000-37FABE(config-ip-acl-test)#show context
ip access-list test
 deny proto vrrp any any log rule-precedence 600
 deny proto ospf any any log rule-precedence 650
 permit ip 172.16.10.0/24 any log rule-precedence 750
 permit tcp 172.16.10.0/24 any log rule-precedence 800
Related Commands
NOTE: The log option is functional only for router ACL’s. The log option displays an 
informational logging message about the packet matching the entry sent to the console.
noResets values or disables IP access permit command
    Add page 775 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 21
12.2 mac-access-list
ACCESS-LIST
Table 12.2 summarizes MAC Access list commands
Table 12.2MAC Access List Commands
Command Description Reference
denyUse this command to specify packets to rejectpage 12-22
noNegates a command or sets its default valuepage 12-25
permitUse this command to specify packets to acceptpage 12-28
clrscrClears the display screenpage 5-3
commitCommits (saves) changes made in the current sessionpage 5-4
doRuns commands from EXEC modepage 4-66
endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5
exitEnds the current mode and moves to the previous modepage 5-6
helpDisplays the interactive help systempage 5-7
revertReverts changes to their last saved configurationpage 5-13
serviceInvokes service commands to troubleshoot or debug 
(config-if) 
instance configurationspage 5-14
showDisplays running system informationpage 6-4
writeWrites information to memory or terminalpage 5-42
    Add page 776 to Favourites
    image text
    Enable zoom 
    							12 - 22 WiNG CLI Reference Guide
12.2.1 deny
mac-access-list
Specifies packets to reject
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
deny [|any|host
deny [ |any|host ] 
[ |any|host ] 
(dot1p ,type [8021q||aarp|appletalk|arp|ip|ipv6|mint|rarp|
wisp|ipx],vlan ) [log mark [8021p |dscp ]|
mark [8021p |dscp ]|rule-precedence ] 
{rule-description }
Parameters
• deny [ |any|host ] 
[ |any|host ] 
(dot1p ,type [8021q||aarp|appletalk|arp|ip|ipv6|mint|rarp|
wisp|ipx],vlan ) [log mark [8021p |dscp ]|
mark [8021p |dscp ]|rule-precedence ] 
{rule-description }
NOTE: Use a decimal value representation to implement a permit/deny designation 
for a packet. The command set for MAC ACLs provide the hexadecimal values for each 
listed EtherType. The controller supports all EtherTypes. Use the decimal equivalent of 
the EtherType listed for any other EtherType.
 Configures the source MAC address for this ACL
 Configures the source MAC address mask
any Identifies all devices as the source to deny access
host  Identifies a specific host as the source to deny access
  – Specify the MAC address of the host.
 Sets the IP address and mask as the destination to deny access
    Add page 777 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 23
any Identifies all devices as the destination to deny access
host  Identifies a specific host as the destination deny access
  – Specify the MAC address of the host.
dotp1p  Configures the 802.1p priority value. Sets the service classes for traffic handling
  – Specify a value from 0 - 7.
type [8021q|
    Add page 778 to Favourites
    image text
    Enable zoom 
    							12 - 24 WiNG CLI Reference Guide
Usage Guidelines
The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list denies traffic from a 
particular source MAC address or any MAC address. It can also disallow traffic from a list of MAC addresses based on the 
source mask.
The MAC access list can disallow traffic based on the VLAN and EtherType.



 802.1q
The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is 
checked against all the ACEs in the ACL. It is allowed/denied based on the ACL’s configuration. 
Examples
rfs7000-37FABE(config-mac-acl-test)#deny 41-85-45-89-66-77 44-22-55-88-77-99 any vlan 
1 log rule-precedence 2 rule-description test
rfs7000-37FABE(config-mac-acl-test)#
The MAC ACL (in the example below) denies traffic from any source MAC address to a particular host MAC address:
rfs7000-37FABE(config-mac-acl-test)#deny any host 00:01:ae:00:22:11rfs7000-37FABE(config-mac-acl-test)#
The example below denies traffic between two hosts based on MAC addresses:
rfs7000-37FABE(config-mac-acl-test)#deny host 01:02:fe:45:76:89 host 
01:02:89:78:78:45
rfs7000-37FABE(config-mac-acl-test)#
Related Commands
NOTE: MAC ACLs always takes precedence over IP based ACLs.
noResets values or disables MAC access deny command
    Add page 779 to Favourites
    image text
    Enable zoom 
    							ACCESS-LIST 12 - 25
12.2.2 no
mac-access-list
Negates a command or sets its default
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
no [deny|permit]
no [deny|permit] [ |any|host ] 
[ |any|host ] 
(dot1p ,type [8021q||aarp|appletalk|arp|ip|ipv6|mint|rarp|
wisp|ipx],vlan ) [log mark [8021p |dscp ]|
mark [8021p |dscp ]|rule-precedence ] 
{rule-description }
Parameters
• no [deny|permit] [ |any|host ] 
[ |any|host ] 
(dot1p ,type [8021q||aarp|appletalk|arp|ip|ipv6|mint|rarp|
wisp|ipx],vlan ) [log mark [8021p |dscp ]|
mark [8021p |dscp ]|rule-precedence ] 
{rule-description }
 Configures the source MAC address for this ACL
 Configures the source MAC address mask
any Identifies all devices as the source to deny/permit access
host  Identifies a specific host as the source to deny/permit access
  – Specify the MAC address of the host.
 Sets the IP address and mask as the destination to deny/permit access
any Identifies all devices as the destination to deny/permit access
host  Identifies a specific host as the destination to deny/permit access
  – Specify the MAC address of the host.
    Add page 780 to Favourites
    image text
    Enable zoom 
    							12 - 26 WiNG CLI Reference Guide
dotp1p  Configures the 802.1p priority value. Sets the service classes for traffic handling
  – Specify a value from 0 - 7.
type [8021q|
    All Motorola manuals Comments (0)