
ip access-list geolocation

ip access-list geolocation <accname>

deny

{[<from>|<to> {anonymous_proxy [log|mirror|position]|any [log|mirror|position]}|country <STRING>|region <STRING>]}

no ...

permit

{[<from>|<to> {anonymous_proxy [log|mirror|position]|any [log|mirror|position]}|country <STRING>|region <STRING>]}

Description

This command configures a geolocation ACL (Access Control List). An ACL is a common way of restricting certain types of traffic on a physical port.

Syntax

Parameter

Description

<accname>

Define an access list, where <accname> is a name, or a number in the specified range.

deny <from|to>

Reject the specified packets, which can be one of the following:

Packets coming from the source.

Packets meant for the destination.

anonymous_proxy <log|mirror|position>

Match packets from or to an anonymous proxy. It has the following options:

Log if the ACL is applied.

Mirror all session packets to datapath or remote destination.

Filter position. The position number is in the range of <1-2000>. The default is last, and 1 is first position.

any <log|mirror|position>

Match any location. It has the following options:

Log if the ACL is applied.

Mirror all session packets to datapath or remote destination.

Filter position. The position number is in the range of <1-2000>. The default is last, and 1 is first position.

country <STRING>

Match packets from or to a country. The <STRING> denotes country name.

NOTE: Use double quotes to specify country names with spaces in the name.

region <STRING>

Match packets from or to a region. The <STRING> denotes region name.

NOTE: Use double quotes to specify region names with spaces in the name.

no

Negates any configured parameter.

permit <from|to>

Allow the specified packets, which can be one of the following:

Packets coming from the source.

Packets meant for the destination.

anonymous_proxy <log|mirror|position>

Match packets from or to an anonymous proxy. It has the following options:

Log if the ACL is applied.

Mirror all session packets to datapath or remote destination.

Filter position. The position number is in the range of <1-2000>. The default is last, and 1 is first position.

any <log|mirror|position>

Match any location. It has the following options:

Log if the ACL is applied.

Mirror all session packets to datapath or remote destination.

Filter position. The position number is in the range of <1-2000>. The default is last, and 1 is first position.

country <STRING>

Match packets from or to a country. The <STRING> denotes country name.

NOTE: Use double quotes to specify country names with spaces in the name.

region <STRING>

Match packets from or to a region. The <STRING> denotes region name.

NOTE: Use double quotes to specify region names with spaces in the name.

Example

The following command configures a geolocation ACL:

(host) [mynode] (config) #ip access-list geolocation global-geolocation-acl

(host) [mynode] (config-submode)#permit from any mirror position 3
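
A pre-deployment check of rule lines against the syntax documented above, as an added example that is not part of the original documentation or of ArubaOS. It assumes the rule form `<permit|deny> <from|to> <match> [options]`, with `country` and `region` placed after the direction keyword; the function name and the sample rules are constructed for illustration.

```python
import shlex

ACTIONS = {"permit", "deny"}
DIRECTIONS = {"from", "to"}
OPTIONS = {"log", "mirror", "position"}

def check_rule(line):
    """Return a list of problems found in one geolocation ACL rule line."""
    try:
        tok = shlex.split(line)  # a double-quoted name becomes a single token
    except ValueError:
        return ["unbalanced double quote"]
    if len(tok) < 3 or tok[0] not in ACTIONS or tok[1] not in DIRECTIONS:
        return ["expected: <permit|deny> <from|to> <match> ..."]
    match, rest = tok[2], tok[3:]
    if match in ("country", "region"):
        if not rest:
            return [match + " needs a name"]
        # Assumption: no options follow a country or region name, as in the
        # documented syntax, so leftovers usually mean a missing pair of quotes.
        return ["unexpected '%s' after %s name; quote names with spaces"
                % (t, match) for t in rest[1:]]
    if match not in ("anonymous_proxy", "any"):
        return ["unknown match type: " + match]
    problems, i = [], 0
    while i < len(rest):
        if rest[i] not in OPTIONS:
            problems.append("unknown option: " + rest[i])
        elif rest[i] == "position":
            i += 1  # the position keyword takes a number in 1-2000
            ok = i < len(rest) and rest[i].isdecimal() and 1 <= int(rest[i]) <= 2000
            if not ok:
                problems.append("position must be a number in 1-2000")
        i += 1
    return problems

# Constructed sample rules, not taken from a real configuration.
SAMPLE = [
    "permit from any mirror position 3",
    'deny from country "United States"',
    "deny from country United States",
    "deny to anonymous_proxy log position 2001",
]

if __name__ == "__main__":
    for rule in SAMPLE:
        print(rule, "->", check_rule(rule) or "ok")
```
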

Command History

Version: ArubaOS 8.2.0.0

Modification: Command introduced.

Command Information

Platform: All platforms

License: Requires the PEFNG (Policy Enforcement Firewall) license. PEF, also known as PEFNG, provides context-based controls to enforce application-layer security and prioritization.

Command Mode: Config mode on Mobility Master.
