Manualshelf

Specifications

ManualsBrandsMotorola ManualsSoftwareWiNG 5.2.6
751752753754755756757758759760
12 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide
12.1.1 deny
ip-access-list
Specifies packets to reject
Supported in the following platforms:
Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX
Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500
Syntax
deny [icmp|ip|proto|tcp|udp]
deny ip [<SOURCE-IP/MASK>|any|host <IP>] [<DESTINATION-IP/MASK>|any|host <IP>]
[log rule-precedence <1-5000>|rule-precedence <1-5000>]
{rule-description <RULE-DESCRIPTION>}
deny icmp [<SOURCE-IP/MASK>|any|host <IP>] [<DESTINATION-IP/MASK>|
any|host <IP>] <ICMP-TYPE> <ICMP-CODE> [log rule-precedence <1-5000>|
rule-precedence <1-5000>] {rule-description <RULE-DESCRIPTION>}
deny proto [<PROTOCOL-NUMBER>|<PROTOCOL-NAME>|eigrp|gre|igmp|igp|ospf|vrrp]
[<SOURCE-IP/MASK>|any|host <IP>] [<DESTINATION-IP/MASK>|any|host <IP>]
[log rule-precedence <1-5000>|rule-precedence <1-5000>]
{rule-description <RULE-DESCRIPTION>}]
deny [tcp|udp] [<SOURCE-IP/MASK>|any|host <IP>] [eq <SOURCE-PORT>|range <START-PORT>
<END-PORT>] [<DESTINATION-IP/MASK>|any|host <IP>]
[eq [<DESTINATION-PORT>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|
smtp|ssh|telnet|tftp|www]|range <START-PORT> <END-PORT>]
[log rule-precedence <1-5000>|rule-precedence <1-5000>]
{rule-description <RULE-DESCRIPTION>}]
Parameters
• deny icmp [<SOURCE-IP/MASK>|any|host <IP>] [<DESTINATION-IP/MASK>|any|host <IP>]
<ICMP-TYPE> <ICMP-CODE> [log rule-precedence <1-5000>|rule-precedence <1-5000>]
{rule-description <RULE-DESCRIPTION>}
NOTE: Use a decimal value representation to implement a permit/deny designation
for a packet. The command set for IP ACLs provides the hexadecimal values for each
listed EtherType. The wireless controller supports all EtherTypes. Use the decimal
equivalent of the EtherType listed for any other EtherType.
icmp Configures the ACL for Internet Control Message Protocol (ICMP) packets
<SOURCE-IP/MASK> Sets the IP address and mask as the source to deny access
any Identifies all devices as the source to deny access
host <IP> Identifies a specific host as the source to deny access
<IP> – Specify the host IP address.
<DESTINATION-IP/MASK> Sets the IP address and mask as the destination to deny access
any Identifies all devices as the destination to deny access
host <IP> Identifies a specific host as the destination to deny access
<IP> – Specify the host IP address.