Configuring Device Security
Defining Access Control
Cisco Small Business SFE/SGE Managed Switches Administration Guide
105
4
•
ICMP — Filters packets by ICMP message type. The field values is 0-255.
•
ICMP Code — Indicates and ICMP message code for filtering ICMP packets.
ICMP packets that are filtered by ICMP message type can also be filtered by
the ICMP message code.
•
IGMP Type — Filters packets by IGMP message or message types.
•
Source
IP Address
— Matches the source port IP address from which packets
are addressed to the ACE.
-
Wildcard Mask
— Defines the source IP address wildcard mask.
Wildcard masks specify which bits are used and which bits are ignored.
A wildcard mask of 255.255.255.255 indicates that no bit is important. A
wildcard of 0.0.0.0 indicates that all the bits are important. For example, if
the source IP address 149.36.184.198 and the wildcard mask is
255.36.184.00, the first eight bits of the IP address are ignored, while the
last eight bits are used.
•
Destination
I
P Address — Matches the destination port IP address to which
packets are addressed to the ACE.
-
Wildcard Mask
— Defines the destination IP address of the wildcard
mask.
•
Traffic Class
— Indicates the traffic class to which the packets are matched.
Select either Match DSCP or Match IP Precedence.
•
Match DSCP
— Matches the packet to the DSCP tag value. The possible
field range is 0-63.
•
Match IP Precedence
— Matches the packet IP Precedence value to the
ACE. Either the DSCP value or the IP Precedence value is used to match
packets to ACLs. The possible field range is 0-7.
•
Action — Indicates the action assigned to the packet matching the ACL.
Packets are forwarded or dropped. In addition, the port can be shut down, a
trap can be sent to the network administrator, or packet is assigned rate
limiting restrictions for forwarding. The options are as follows:
-
Permit
— Forwards packets which meet the ACL criteria.
-
Deny
— Drops packets which meet the ACL criteria.
-
Shutdown
— Drops packet that meets the ACL criteria, and disables the
port to which the packet was addressed. Ports are reactivated from the
Port Management
page.