Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-20
will be checked by the ACL rule. A user can define any combination of TCP Flags to
filter some messages with specific TCP Flags.
For example,
permit tcp any any match-all rst
Allow the messages with a TCP Flag RST set and 0 in other positions to pass
Note
When the protocol number of the naming ACL and numerical value
configuration is TCP, you can select to configure this filtering feature.
MAC extended and IP standard ones do not have this function.
Please configure a TCP Flag by following these steps:
Command Function
DES-7200(config)# ip access-list extended { id |
name }
Enter the access list configuration mode
DES-7200(config-ext-nacl)# [sn] [permit | deny]
tcp source source-wildcard [ operator port
[port] ] destination destination-wildcard
[operator port [ port ]] [match-all
flag-name][precedence precedence]
Add table entries for ACL. For details
about commands, please see
command reference.
DES-7200(config-exp-nacl)# exit
DES-7200(config)# interface interface
Exit from the access control list mode
and select the interface to which the
access list is to be applied.
DES-7200(config-if)# ip access-group {id |
name} {in | out}
Apply the access list to the specific
interface
The following example explains how to configure a TCP Flag
Enable permission and password
DES-7200> enable
DES-7200#
Enter the global configuration mode.
DES-7200# configure terminal
Enter the ACL configuration mode.
DES-7200(config)# ip access-list extended test-tcp-flag
Add an ACL entry
DES-7200(config-ext-nacl)# permit tcp any any match-all rst
Add a deny entry
DES-7200(config-ext-nacl)# deny tcp any any match-all fin
Adding/delete entries repeatedly.