EKI-9500 Series User Manual
284
Match Criteria (IPv6 ACLs)
Every
When this option is selected, all packets will match the rule and will be
either permitted or denied. This option is exclusive to all other match
criteria, so if Every is selected, no other match criteria can be config-
ured. To configure specific match criteria, this option must be clear.
Protocol
The IANA-assigned protocol number to match within the IP packet.
You can also specify one of the following keywords: ICMPv6, IPv6,
TCP, or UDP.
Fragments
IPv6 ACL rule to match on fragmented IP packets.
Source Prefix / Pre-
fix Length
The IPv6 prefix combined with IPv6 prefix length of the network or host
from which the packet is being sent. To indicate a destination host,
specify an IPv6 prefix length of 128.
Source L4 Port
The TCP/UDP source port to match in the packet header. Select one of
the following options: Equal, Not Equal, Less Than, Greater Than, or
Range and specify the port number or keyword. TCP port keywords
include BGP, Domain, Echo, FTP, FTP Data, HTTP, SMTP, Telnet,
WWW, POP2, and POP3. UDP port keywords include Domain, Echo,
NTP, RIP, SNMP, TFTP, TIME, and WHO.
Destination Prefix /
Prefix Length
The IPv6 prefix combined with the IPv6 prefix length to be compared to
a packet's destination IPv6 address as a match criteria for the IPv6
ACL rule. To indicate a destination host, specify an IPv6 prefix length
of 128.
Destination L4 Port
The TCP/UDP destination port to match in the packet header. Select
one of the following options: Equal, Not Equal, Less Than, Greater
Than, or Range and specify the port number or keyword.
TCP port keywords include BGP, Domain, Echo, FTP, FTP Data,
HTTP, SMTP, Telnet, WWW, POP2, and POP3.
UDP port keywords include Domain, Echo, NTP, RIP, SNMP, TFTP,
TIME, and WHO.
ICMP Type
IPv6 ACL rule to match on the specified ICMP message type. This
option is available only if the protocol is ICMPv6.
ICMP Code
IPv6 ACL rule to match on the specified ICMP message code. This
option is available only if the protocol is ICMPv6.
ICMP Message
IPv6 ACL rule to match on the ICMP message type and code. Specify
one of the following supported ICMPv6 messages: Destination-
Unreachable, Echo-Request, Echo-Reply, Header, Hop-Limit, MLD-
Query, MLD-Reduction, MLD-Report, ND-NA, ND-NS, Next-Header,
No-Admin, No-Route, Packet-Too-Big, Port-Unreachable, Router-
Solicitation, Router-Advertisement, Router-Renumbering, Time-
Exceeded, and Unreachable. This option is available only if the proto-
col is ICMPv6.
TCP Flags
IPv6 ACL rule to match on the TCP flags. When a + flag is specified, a
match occurs if the flag is set in the TCP header. When a - flag is spec-
ified, a match occurs if the flag is not set in the TCP header. When
Established is specified, a match occurs if either RST or ACK bits are
set in the TCP header. This option is available only if the protocol is
TCP.
Flow Label
A 20-bit number that is unique to an IPv6 packet, used by end stations
to signify quality-of-service handling in routers.
IP DSCP
The IP DSCP value in the IPv6 packet to match to the rule. The DSCP
value is defined as the high-order six bits of the Service Type octet in
the IPv6 header.
Routing
IPv6 ACL rule to match on routed packets.
Item
Description
Содержание EKI-9512-C0IDW10E
Страница 1: ...User Manual EKI 9500 Series Full Managed Ethernet Switches...
Страница 20: ...Chapter 1 1Product Overview...
Страница 28: ...Chapter 2 2Switch Installation...
Страница 38: ...Chapter 3 3Configuration Utility...
Страница 43: ...Chapter 4 4Managing Switch...