Configuring Device Security
Defining Access Control
• Destination
  – IPv4 Address — Matches the destination port IPv4 address to which packets are addressed to the ACE.
  – Mask — Defines the destination IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all the bits are important.
• Flag Set — Sets the indicated TCP flag that can be triggered. The possible values are:
  – Urg, Ack, Psh, Rst, Syn, and Fin.
  The indicated value setting is represented by one of the following:
  – 1 — Flag is set.
  – 0 — Flag is disabled.
  – x — Don’t care.
• ICMP Type — Filters packets by ICMP message type. The field values are 0-255.
• ICMP Code — Indicates an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
• IGMP Type — Filters packets by IGMP message or message types.
• DSCP — Matches the packet's DSCP value.
• IP Prec. — Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.
• Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or the packet can be assigned rate limiting restrictions for forwarding. The options are as follows:
  – Permit — Forwards packets which meet the ACL criteria.
  – Deny — Drops packets which meet the ACL criteria.
  – Shutdown — Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management Page.
• Delete — To remove an ACE, click the ACE’s checkbox and click the Delete button.
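
The wildcard mask and Flag Set rules described above, worked through as an added example (not code from the device or its vendor). The six-character pattern string in the order Urg, Ack, Psh, Rst, Syn, Fin, the function names and the sample ACE are assumptions made for illustration.

```python
import ipaddress

# Order follows the page's list: Urg, Ack, Psh, Rst, Syn, Fin (TCP header bits 5..0).
FLAG_ORDER = ("urg", "ack", "psh", "rst", "syn", "fin")


def wildcard_match(packet_ip: str, ace_ip: str, wildcard: str) -> bool:
    """True if packet_ip equals ace_ip on every bit the wildcard marks as important.

    A 0 bit in the wildcard means "compare this bit"; a 1 bit means "ignore it".
    """
    pkt = int(ipaddress.IPv4Address(packet_ip))
    ace = int(ipaddress.IPv4Address(ace_ip))
    ignore = int(ipaddress.IPv4Address(wildcard))
    care = ~ignore & 0xFFFFFFFF
    return (pkt & care) == (ace & care)


def flags_match(pattern: str, tcp_flags: int) -> bool:
    """Match a six-character 1/0/x pattern against the low six TCP flag bits."""
    if len(pattern) != len(FLAG_ORDER) or set(pattern.lower()) - set("10x"):
        raise ValueError("pattern must be six characters from 1, 0, x")
    for position, want in enumerate(pattern.lower()):
        bit = (tcp_flags >> (5 - position)) & 1
        if want != "x" and int(want) != bit:
            return False
    return True


def ace_matches(ace: dict, dst_ip: str, tcp_flags: int) -> bool:
    """An ACE matches only when every configured field matches."""
    return (wildcard_match(dst_ip, ace["dst"], ace["mask"])
            and flags_match(ace["flags"], tcp_flags))


# Constructed sample ACE: destinations in 192.0.2.0/24, Syn set and Ack clear.
SAMPLE_ACE = {"dst": "192.0.2.0", "mask": "0.0.0.255", "flags": "x0xx1x"}

if __name__ == "__main__":
    SYN, SYN_ACK = 0x02, 0x12
    print(ace_matches(SAMPLE_ACE, "192.0.2.77", SYN))      # initial SYN into the /24
    print(ace_matches(SAMPLE_ACE, "192.0.2.77", SYN_ACK))  # Ack is set, so no match
    print(ace_matches(SAMPLE_ACE, "198.51.100.7", SYN))    # outside the /24
    # Subnet mask entered by mistake: only the last octet is compared.
    print(wildcard_match("203.0.113.0", "192.0.2.0", "255.255.255.0"))
```

The last call shows why a wildcard mask must not be entered as a subnet mask: with 255.255.255.0 only the final octet is compared, so the ACE applies to unrelated networks.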