Access Control
IPv4-based ACL Creation
Cisco 350XG & 550XG Series 10G Stackable Managed Switches
545
25
•
Destination IP Address
—Select
Any
if all destination address are
acceptable or
User defined
to enter a destination address or range of
destination addresses.
•
Destination IP Address Value
—Enter the IP address to which the
destination IP address is to be matched.
•
Destination IP Wildcard Mask
—Enter the mask to define a range of IP
addresses.
•
Source Port
—Select one of the following:
-
Any
—Match to all source ports.
-
Single from list
—Select a single TCP/UDP source port to which packets
are matched. This field is active only if 800/6-TCP or 800/17-UDP is
selected in the Select from List drop-down menu.
-
Single my number
—Enter a single TCP/UDP source port to which
packets are matched. This field is active only if 800/6-TCP or 800/17-UDP
is selected in the Select from List drop-down menu.
-
Range
—Select a range of TCP/UDP source ports to which the packet is
matched. There are eight different port ranges that can be configured
(shared between source and destination ports). TCP and UDP protocols
each have eight port ranges.
•
Destination Port
—Select one of the available values. These are the same as
the Source Port field described above.
NOTE
You must specify the IP protocol for the ACE before you can enter the
source and/or destination port.
•
TCP Flags
—Select one or more TCP flags with which to filter packets.
Filtered packets are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network security.
•
Type of Service
—The service type of the IP packet.
-
Any
—Any service type
-
DSCP to Match
—Differentiated Serves Code Point (DSCP) to match
-
IP Precedence to match
—IP precedence is a model of TOS (type of
service) that the network uses to help provide the appropriate QoS
commitments. This model uses the 3 most significant bits of the service
type byte in the IP header, as described in RFC 791 and RFC 1349.
