User's Manual

Chapter 3 - Operation and Administration Using the CLI NPU Configuration
4Motion 181 System Manual
3.3.10.1.3.1 Configuring Permit/Deny Rules from/to a Specific Protocol and Source/Destination IP Addresses
After you have created an ACL, you can configure Permit/Deny rules to be applied
for traffic from/to a particular source/destination IP address/subnet, with
respect to a specific protocol.
This section describes the commands to be used for:
“Creating a Permit/Deny Rule for Specific Protocols/IP Addresses (Extended Mode)” on page 181
“Deleting a Permit/Deny Rule for Specific Protocols/IP Addresses (Extended Mode)” on page 184
3.3.10.1.3.1.1 Creating a Permit/Deny Rule for Specific Protocols/IP Addresses (Extended Mode)
You can create the Permit or Deny rule for traffic from/to a source/destination IP
address/subnet with respect to the following protocols:
IP
OSPF
Protocol Independent Multicast (PIM)
Any other protocol
Run the following commands to create the Permit/Deny rule for traffic from and to
a specific IP address/subnet for a particular protocol:
npu(config-ext-nacl)# permit {ip | ospf | pim | <protocol-type (1-255)>} {any | host <src-ip-address> | <src-ip-address> <mask>} {any | host <dest-ip-address> | <dest-ip-address> <mask>}
npu(config-ext-nacl)# deny {ip | ospf | pim | <protocol-type (1-255)>} {any | host <src-ip-address> | <src-ip-address> <mask>} {any | host <dest-ip-address> | <dest-ip-address> <mask>}
IMPORTANT
You cannot configure Permit or Deny rules for an ACL that is associated with a QoS marking rule.
You can either associate QoS marking rules or permit/deny rules with an ACL.
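The permit/deny syntax above can be checked mechanically before rules are entered on the NPU. The following Python code is an added example, not part of the manual or the 4Motion CLI: the names `parse_rule` and `audit`, the sample rules, and the check that flags a permit rule from any source to any destination are assumptions made for illustration. Because this section does not say how `<mask>` is interpreted, the mask is only checked to be a dotted-quad value.

```python
import ipaddress

KEYWORD_PROTOCOLS = {"ip", "ospf", "pim"}  # protocol keywords from the syntax above

def _take_address(tokens):
    """Consume one {any | host <ip> | <ip> <mask>} operand; return (spec, rest)."""
    if tokens[:1] == ["any"]:
        return ("any",), tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address operand")
    if tokens[0] == "host":
        return ("host", str(ipaddress.IPv4Address(tokens[1]))), tokens[2:]
    # <ip-address> <mask>: both are only checked to be dotted-quad values
    ip, mask = (str(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return ("net", ip, mask), tokens[2:]

def parse_rule(line):
    """Parse one permit/deny line (CLI prompt optional) or raise ValueError."""
    tokens = line.split("#", 1)[-1].split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny")
    proto = tokens[1]
    if proto not in KEYWORD_PROTOCOLS and not (proto.isdigit() and 1 <= int(proto) <= 255):
        raise ValueError("protocol must be ip, ospf, pim or 1-255")
    src, rest = _take_address(tokens[2:])
    dst, rest = _take_address(rest)
    if rest:
        raise ValueError("unexpected trailing tokens: " + " ".join(rest))
    return {"action": tokens[0], "protocol": proto, "src": src, "dst": dst}

def audit(lines):
    """Return (line, finding) pairs for malformed or overly broad rules."""
    findings = []
    for line in lines:
        try:
            rule = parse_rule(line)
        except ValueError as exc:  # IPv4Address errors are ValueError subclasses
            findings.append((line, "invalid: " + str(exc)))
            continue
        if rule["action"] == "permit" and rule["src"] == rule["dst"] == ("any",):
            findings.append((line, "broad: permits any source to any destination"))
    return findings

# Constructed sample rules (documentation-range addresses, not from the manual)
SAMPLE = [
    "npu(config-ext-nacl)# permit ospf 192.0.2.0 255.255.255.0 any",
    "npu(config-ext-nacl)# deny 300 any any",
    "npu(config-ext-nacl)# permit ip any any",
]
```

Calling `audit(SAMPLE)` returns one finding for the out-of-range protocol number and one for the any-to-any permit rule; the OSPF rule passes.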