Cisco 4700M Configuration Manual page 51

Application control engine appliance security

Chapter 1
Configuring Security Access Control Lists
For example, to add only a destination (destination keyword is implied) TCP port
to a service object group, enter:
host1/Admin(config-objgrp-serv)# tcp eq 41
Enter additional object-group protocols as required.
To remove the destination TCP port from a service object group, enter:
host1/Admin(config-objgrp-serv)# no tcp
For example, to create a service object group for TCP (source port only), UDP
(source and destination ports), and ICMP, enter:
host1/Admin(config)# object-group service TCP_UDP_ICMP
host1/Admin(config-objgrp-serv)# tcp source eq domain
host1/Admin(config-objgrp-serv)# udp source eq radius eq radius-acct
host1/Admin(config-objgrp-serv)# icmp echo code eq 0
To remove the ICMP protocol from the above service object group, enter:
host1/Admin(config-objgrp-serv)# no icmp echo code eq 0
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Simplifying Access Control Lists with Object Groups

port1 port2—IP protocol source port name or port number from which you
permit or deny access to services. Enter a port name or an integer from 0 to
65535. To enter an inclusive range of ports, enter two port numbers following
the range keyword. The port2 value must be greater than or equal to the port1
value. See Table 1-3 for a list of well-known TCP keywords and port numbers
and Table 1-4 for a list of well-known UDP keywords and port numbers.

port3 port4—IP protocol destination port name or port number to which you
permit or deny access to services. To enter an optional inclusive range of
ports, enter the range keyword followed by two port numbers. The port4
value must be greater than or equal to the port3 value. See Table 1-3 for a list
of well-known TCP keywords and port numbers and Table 1-4 for a list of
well-known UDP keywords and port numbers.

icmp-type—(Optional) If you entered ICMP as the protocol, specifies the
type of ICMP messaging. Enter either an integer corresponding to the ICMP
code number or one of the ICMP types listed in Table 1-5.

code—(Optional) Specifies that a numeric operator and ICMP code follows.

icmp-code1 icmp-code2—Specifies an ICMP code number that corresponds
to an ICMP type. See Table 1-5. To enter an optional inclusive range of ICMP
codes, enter the range keyword followed by two ICMP code numbers. The
icmp-code1 value must be greater than or equal to the icmp-code2 value. See
Table 1-5 for a list of ICMP codes and corresponding ICMP types.
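An added example, not from the Cisco guide: a Python check for reviewing tcp/udp service object-group entries before they are pasted into the appliance, enforcing the two rules stated in the port descriptions (numeric ports from 0 to 65535, and a range whose second port is not below the first). It assumes only the eq and range operators that appear on this page; parse_entry and lint are hypothetical helper names, port keywords such as domain are accepted without being resolved to numbers, and the lines marked constructed are not from the guide.

```python
import re

def parse_port(tok):
    """Return an int for a numeric port, or the keyword unchanged (not resolved)."""
    if tok.isdigit():
        n = int(tok)
        if not 0 <= n <= 65535:
            raise ValueError(f"port {n} is outside 0-65535")
        return n
    if not re.fullmatch(r"[a-z][a-z0-9-]*", tok):
        raise ValueError(f"unrecognized port token {tok!r}")
    return tok

def parse_spec(toks):
    """Consume 'eq P' or 'range P1 P2' from the front of toks."""
    if not toks or toks[0] not in ("eq", "range"):
        raise ValueError("expected 'eq' or 'range'")
    op = toks.pop(0)
    need = 2 if op == "range" else 1
    if len(toks) < need:
        raise ValueError(f"'{op}' needs {need} port value(s)")
    ports = [parse_port(toks.pop(0)) for _ in range(need)]
    # Ordering can only be checked when both ends are numeric.
    if op == "range" and all(isinstance(p, int) for p in ports) and ports[1] < ports[0]:
        raise ValueError(f"range end {ports[1]} is below start {ports[0]}")
    return (op, *ports)

def parse_entry(line):
    """Parse 'tcp|udp [source SPEC] [SPEC]'; a bare SPEC is the destination."""
    toks = line.split()
    if not toks or toks[0] not in ("tcp", "udp"):
        raise ValueError("only tcp and udp entries are handled here")
    entry = {"protocol": toks.pop(0), "source": None, "destination": None}
    if toks and toks[0] == "source":
        toks.pop(0)
        entry["source"] = parse_spec(toks)
    if toks:
        entry["destination"] = parse_spec(toks)
    if toks:
        raise ValueError(f"unexpected trailing tokens: {' '.join(toks)}")
    return entry

def lint(lines):
    """Return (line, reason) for every entry that breaks the stated rules."""
    problems = []
    for line in lines:
        try:
            parse_entry(line)
        except ValueError as err:
            problems.append((line, str(err)))
    return problems

SAMPLE = ["tcp eq 41", "tcp source eq domain", "udp source eq radius eq radius-acct",  # from the page
          "tcp source range 1024 65535 eq 443", "tcp range 8080 8000", "udp eq 70000"]  # constructed
```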