firewall cp

firewall cp

ipv4|ipv6 deny|permit <ip-addr> <ip-mask>|any|{host <ip-addr>} proto {<ip-protocol-number> ports <start port number> <end port number>}|ftp|http|https|icmp|snmp|ssh|telnet|tftp [bandwidth-contract <name>|<pbwm>]

no...

Description

This command creates whitelist session ACLs. Whitelist ACLs consist of rules that explicitly permit or deny session traffic destined for the managed device. This prevents traffic from being forwarded to the managed device automatically just because it was not specifically denied in a blacklist. The maximum number of entries allowed in the whitelist is 64.

Syntax

| Parameter | Description | Range | Default |
|---|---|---|---|
| `ipv4\|ipv6` | Specifies IPv4 or IPv6. | | |
| `deny` | Specifies the entry to reject (deny) on the session ACL whitelist. | | |
| `permit` | Specifies an entry that is allowed (permit) on the session ACL whitelist. | | |
| `<ip-addr> <ip-mask>` | | | |
| `any` | Specifies any IPv4 or IPv6 source address. | | |
| `host <ip-addr>` | Indicates a specific IPv4 or IPv6 source address. | | |
| `proto` | Specify one of the following protocols used by the session traffic: ftp, http, https, icmp, snmp, ssh, telnet, tftp. | | |
| IP protocol number | Specifies the IP protocol number that is permitted or denied. | 1-255 | |
| start port | Specifies the starting port, in the port range, on which session traffic is running. | 1-65535 | |
| end port | Specifies the last port, in the port range, on which session traffic is running. | 1-65535 | |
| `bandwidth-contract <name>` | Specify the name of a bandwidth contract. A bandwidth contract sets a traffic rate, which can then be associated with a whitelist session ACL. | | |
| `<name>` | Name of a bandwidth contract. | | |
| `<pbwm>` | Bandwidth rate in packets per second. | 1-64000 | |

Usage Guidelines

This command turns the session ACL from a blacklist into a whitelist. A rule must exist that explicitly permits the session before it is forwarded to the managed device, and the last rule in the list denies everything else.

Example

The following command creates a whitelist ACL that allows traffic with the source address 10.10.10.10 and the source mask 2.2.2.2. The protocol is FTP and the bandwidth contract name is mycontract.

(host) [/md] (config-fw-cp) #ipv4 permit 10.10.10.10 2.2.2.2 proto ftp bandwidth-contract name mycontract

The following command creates a whitelist ACL entry that denies traffic using protocol 2 on port 5000 from being forwarded to the managed device:

(host) [/md] (config-fw-cp) #deny proto 6 ports 5000 6000

The following example configures a bandwidth contract named “cp-rate” with a rate of 100 pps.

(host) [/md] (config) #cp-bandwidth-contract cp-rate pps 100
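
An added example, not part of the ArubaOS documentation: a small Python checker that tests rule lines against the syntax and ranges listed above (protocol number 1-255, ports 1-65535, rate 1-64000 pps, at most 64 entries) before they are entered on a device. It is not the device's parser; the names check_rule, lint and SAMPLE, and the reading of the optional bandwidth-contract tail, are assumptions.

```python
import ipaddress

NAMED = {"ftp", "http", "https", "icmp", "snmp", "ssh", "telnet", "tftp"}

def check_rule(line):
    """Return the problems found in one whitelist rule; an empty list means none."""
    t, errs = line.split(), []
    if len(t) < 2 or t[0] not in ("ipv4", "ipv6") or t[1] not in ("deny", "permit"):
        return ["must start with ipv4|ipv6 deny|permit"]
    i = 3  # index of 'proto' when the source is 'any'
    if t[2:3] != ["any"]:  # otherwise: host <ip-addr> or <ip-addr> <ip-mask>
        addr = "".join(t[3:4] if t[2:3] == ["host"] else t[2:3])
        try:
            if ipaddress.ip_address(addr).version != int(t[0][-1]):
                errs.append(f"{addr} is not an {t[0]} address")
        except ValueError:
            errs.append(f"bad source address {addr!r}")
        i = 4  # the mask format is not defined on the page, so it is not checked
    if t[i:i + 1] != ["proto"] or len(t) < i + 2:
        return errs + ["expected 'proto <protocol>' after the source"]
    proto, rest = t[i + 1], t[i + 2:]
    if proto.isdecimal():
        if not 1 <= int(proto) <= 255:
            errs.append("IP protocol number outside 1-255")
        if len(rest) < 3 or rest[0] != "ports" or not all(p.isdecimal() for p in rest[1:3]):
            return errs + ["numeric protocol needs 'ports <start> <end>'"]
        if not all(1 <= int(p) <= 65535 for p in rest[1:3]):
            errs.append("port outside 1-65535")
        rest = rest[3:]
    elif proto not in NAMED:
        errs.append(f"unknown protocol {proto!r}")
    if rest:  # assumed tail: bandwidth-contract [name] <name>, or a pps rate
        val = rest[2:] if rest[1:2] == ["name"] and len(rest) == 3 else rest[1:]
        if rest[0] != "bandwidth-contract" or len(val) != 1:
            errs.append("unexpected trailing tokens: " + " ".join(rest))
        elif val[0].isdecimal() and not 1 <= int(val[0]) <= 64000:
            errs.append("bandwidth rate outside 1-64000 pps")
    return errs

def lint(rules, max_entries=64):  # 64 is the whitelist limit the page states
    """Map each failing rule's 1-based position to its problems; key 0 is list-level."""
    report = {n: e for n, r in enumerate(rules, 1) if (e := check_rule(r))}
    if len(rules) > max_entries:
        report[0] = [f"{len(rules)} entries exceed the limit of {max_entries}"]
    return report

SAMPLE = ["ipv4 permit host 10.10.10.10 proto ssh",     # constructed rules,
          "ipv6 permit host 10.10.10.10 proto https",   # not device output
          "ipv4 permit any proto 300 ports 80 70000"]
print(lint(SAMPLE))
```

Running the checker over a planned rule list before a change window catches out-of-range values and a list that has grown past the 64-entry limit.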

Related Commands

| Command | Description |
|---|---|
| `show firewall-cp` | Show Control Processor (CP) whitelist ACL info. |

Command History

| Release | Modification |
|---|---|
| ArubaOS 8.0.0.0 | Command introduced. |

Command Information

| Platforms | License | Command Mode |
|---|---|---|
| All platforms | Base operating system, except for noted parameters. | Config mode on Mobility Master. |
