Configuring Device Security
Defining Access Control
Cisco Small Business SFE/SGE Managed Switches Administration Guide
115
4
-
EIGRP
—
Enhanced Interior Gateway Routing Protocol
(EIGRP). Provides
fast convergence, support for variable-length subnet mask, and
supports multiple network layer protocols.
-
OSPF
— The
Open Shortest Path First
(OSPF) protocol is a link-state,
hierarchical
Interior Gateway Protocol
(IGP) for network routing Layer
Two (2) Tunneling Protocol, an extension to the PPP protocol that
enables ISPs to operate
Virtual Private Networks
(VPNs).
-
IPIP
—
IP over IP
(IPIP). Encapsulates IP packets to create tunnels
between two routers. This ensure that IPIP tunnel appears as a single
interface, rather than several separate interfaces. IPIP enables tunnel
intranets occur the internet, and provides an alternative to source
routing.
-
PIM
— Matches the packet to
Protocol Independent Multicast
(PIM).
-
L2TP
— Matches the packet to
Layer 2 Internet Protocol
(L2IP).
-
ISIS
—
Intermediate System - Intermediate System
(ISIS). Distributes IP
routing information throughout a single Autonomous System in IP
networks.
-
ANY
— Matches the protocol to any protocol.
•
Source Port — Defines the TCP/UDP source port to which the ACE is matched.
This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select
from List drop-down menu. The possible field range is 0 - 65535.
•
Dest. Port — Defines the TCP/UDP destination port. This field is active only if
800/6-TCP or 800/17-UDP are selected in the Select from List drop-down
menu. The possible field range is 0 - 65535.
•
Flag Set — Sets the indicated TCP flag that can be triggered.
•
ICMP Type — Filters packets by ICMP message type. The field values is 0-255.
•
ICMP Code — Indicates and ICMP message code for filtering ICMP packets.
ICMP packets that are filtered by ICMP message type can also be filtered by
the ICMP message code.
•
Source
-
IP Address — Matches the source port IP address to which packets are
addressed to the ACE.
-
Prefix Length
— Defines the IP route prefix for the destination IP. The
prefix length must be preceded by a forward slash
/
.