D-Link DWS-1008 Product Manual - Page 246

Setting a Source IP ACL

Page 246 highlights

Setting a Source IP ACL You can create an ACE that filters packets based on the source IP address and optionally applies CoS packet handling. You can also determine where the ACE is placed in the security ACL by using the before editbuffer-index or modify editbuffer-index variables with an index number. You can use the hits counter to track how many packets the ACL filters. The simplest security ACL permits or denies packets from a source IP address: set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask | any} [before editbuffer-index | modify editbuffer-index] [hits] For example, to create ACL acl-1 that permits all packets from IP address 192.168.1.4, type the following command: DWS-1008# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0 With the following basic security ACL command, you can specify any of the protocols supported by MSS: set security acl ip acl-name {permit [cos cos] | deny} protocol-number {source-ip-addr mask | any} {destination-ip-addr mask | any} [[precedence precedence] [tos tos] | [dscp codepoint]] [before editbuffer-index | modify editbuffer-index] [hits] The following sample security ACL permits all Generic Routing Encapsulation (GRE) packets from source IP address 192.168.1.11 to destination IP address 192.168.1.15, with a precedence level of 0 (routine), and a type-of-service (TOS) level of 0 (normal). GRE is protocol number 47. DWS-1008# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits The security ACL acl-2 described above also applies the CoS level 2 (medium priority) to the permitted packets. The keyword hits counts the number of times this ACL affects packet traffic. The table below lists common IP protocol numbers. (For a complete list of IP protocol names and numbers, see www.iana.org/assignments/protocol-numbers.) Number 1 2 6 9 17 46 47 50 51 55 88 89 103 112 115 IP Protocol Internet Message Control Protocol (ICMP) Internet Group Management Protocol (IGMP) Transmission Control Protocol (TCP) Any private interior gateway (used by Cisco for Internet Gateway Routing Protocol) User Datagram Protocol (UDP) Resource Reservation Protocol (RSVP) Generic Routing Encapsulation (GRE) protocol Encapsulation Security Payload for IPSec (IPSec-ESP) Authentication Header for IPSec (IPSec-AH) IP Mobility (Mobile IP) Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF) protocol Protocol Independent Multicast (PIM) protocol Virtual Router Redundancy Protocol (VRRP) Layer Two Tunneling Protocol (L2TP) D-Link DWS-1008 User Manual 227

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502

D-Link DWS-1008 User Manual
±±¶
Setting a Source IP ACL
You can create an ACE that filters packets based on the source IP address and optionally applies CoS
packet handling. You can also determine where the ACE is placed in the security ACL by using the
before editbuffer-index or modify editbuffer-index variables with an index number. You can use the hits
counter to track how many packets the ACL filters.
The simplest security ACL permits or denies packets from a source IP address:
set security acl ip
acl-name
{permit [cos
cos
] | deny} {
source-ip-addr mask
| any}
[before
editbuffer-index
| modify
editbuffer-index
] [hits]
For example, to create ACL acl-1 that permits all packets from IP address 192.168.1.4, type the following
command:
DWS-1008#
set security acl ip acl-1 permit 192.168.1.4 0.0.0.0
With the following basic security ACL command, you can specify any of the protocols supported by
MSS:
set security acl ip
acl-name
{permit [cos
cos
] | deny} protocol-number
{
source-ip-addr mask
| any} {
destination-ip-addr mask
| any}
[[precedence
precedence
] [tos
tos
] | [dscp
codepoint
]]
[before
editbuffer-index
| modify
editbuffer-index
] [hits]
The following sample security ACL permits all Generic Routing Encapsulation (GRE) packets from
source IP address 192.168.1.11 to destination IP address 192.168.1.15, with a precedence level of 0
(routine), and a type-of-service (TOS) level of 0 (normal). GRE is protocol number 47.
DWS-1008#
set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0
192.168.1.15 0.0.0.0 precedence 0 tos 0 hits
The security ACL
acl-2
described above also applies the CoS level 2 (medium priority) to the permitted
packets. The keyword hits counts the number of times this ACL affects packet traffic.
The table below lists common IP protocol numbers. (For a complete list of IP protocol names and
numbers, see www.iana.org/assignments/protocol-numbers.)
Number
IP Protocol
1
Internet Message Control Protocol (ICMP)
2
Internet Group Management Protocol (IGMP)
6
Transmission Control Protocol (TCP)
9
Any private interior gateway (used by Cisco for Internet Gateway Routing Protocol)
17
User Datagram Protocol (UDP)
46
Resource Reservation Protocol (RSVP)
47
Generic Routing Encapsulation (GRE) protocol
50
Encapsulation Security Payload for IPSec (IPSec-ESP)
51
Authentication Header for IPSec (IPSec-AH)
55
IP Mobility (Mobile IP)
88
Enhanced Interior Gateway Routing Protocol (EIGRP)
89
Open Shortest Path First (OSPF) protocol
103
Protocol Independent Multicast (PIM) protocol
112
Virtual Router Redundancy Protocol (VRRP)
115
Layer Two Tunneling Protocol (L2TP)