Creating IPv4-ACLs or IPv6-ACLs in Device Manager
To add entries to an existing IPv4-ACL or an IPv6-ACL using Device Manager, follow these steps:
This creates a new IP-ACL profile.
After you create an IPv4-ACL or an IPv6-ACL, you can add subsequent IP filters at the end of the IPv4-ACL or the IPv6-ACL if you are using Device Manager. Fabric Manager allows you to reorder existing rules for a profile. You cannot insert filters in the middle of an IPv4-ACL or an IPv6-ACL. Each configured entry is automatically added to the end of an IPv4-ACL or an IPv6-ACL.
- Click Create to create an IP filter.
- Choose either permit or deny for the Action and set the IP Number in the Protocol field. The drop-down menu provides common filtered protocols.
- Set the source IP address you want this filter to match against and the wildcard mask, or check the any check box to match this filter against any IP address.
This creates an IP filter that will check the source IP address of frames.
Note: The wildcard mask denotes a subset of the IP address you want to match against. This allows a range of addresses to match against this filter.
- Set the transport layer source port range if the protocol chosen is TCP or UDP. This creates an IP filter that will check the destination IP address of frames.
- Set the ToS, ICMPType, and ICMPCode fields as appropriate.
- Check the TCPEstablished check box if you want to match TCP connections with ACK, FIN, PSH, RST, SYN, or URG control bits set.
- Check the LogEnabled check box if you want to log all frames that match this IP filter.
- Click Create to create this IP filter and add it to your IP-ACL.
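The wildcard-mask matching described in the Note above, as an added Python example (not Cisco code). It assumes the usual Cisco convention that a 1 bit in the wildcard mask means "ignore this bit"; the function names and all addresses are constructed for illustration.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under the wildcard mask.

    Assumed convention: a 1 bit in the wildcard means "ignore this bit",
    a 0 bit means "must equal the same bit in base".
    """
    care = 0xFFFFFFFF ^ _to_int(wildcard)   # bits that must match
    return (_to_int(addr) & care) == (_to_int(base) & care)

def matched_count(wildcard):
    """How many addresses the filter covers: 2 ** (number of ignored bits)."""
    return 2 ** bin(_to_int(wildcard)).count("1")

def looks_like_subnet_mask(wildcard):
    """Flag a netmask (e.g. 255.255.255.0) entered where a wildcard belongs.

    A netmask is a run of 1 bits from the top; used as a wildcard it ignores
    the network part and matches far more addresses than intended.
    """
    w = _to_int(wildcard)
    if w in (0, 0xFFFFFFFF):            # exact host, or "any": both legitimate
        return False
    low_zeros = 0xFFFFFFFF ^ w          # for a netmask this is 0..01..1
    return (low_zeros & (low_zeros + 1)) == 0

def review_filter(base, wildcard):
    """Summarise what a source address/wildcard pair will actually match."""
    return {
        "filter": f"{base} {wildcard}",
        "addresses_matched": matched_count(wildcard),
        "suspect_netmask": looks_like_subnet_mask(wildcard),
    }

if __name__ == "__main__":
    # Constructed sample entries: the second has a netmask typed by mistake.
    for base, wc in [("10.1.1.0", "0.0.0.255"), ("10.1.1.0", "255.255.255.0")]:
        print(review_filter(base, wc))
    # A host inside the intended range.
    print(wildcard_match("10.1.1.77", "10.1.1.0", "0.0.0.255"))
    # An unrelated host that the mistyped mask still matches.
    print(wildcard_match("192.168.9.0", "10.1.1.0", "255.255.255.0"))
```

Running a check like this over planned entries before clicking Create matters here because entries can only be appended, so an overly broad permit entered early cannot be corrected by inserting a narrower filter ahead of it in Device Manager.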
Copyright © 2002-2007, Cisco Systems, Inc. All rights reserved.