Defining IP-based ACLs
IP-based ACLs are used to check IPv4 packets only. Other types of frames, such as ARPs, are
not checked.
The following fields can be matched:
- L4 protocol (by name for well-known ones, or directly by value)
- Source/destination ports for TCP/UDP traffic
- Flag values for TCP frames
- ICMP and IGMP type and code
- Source/destination IP addresses (including wildcards)
- DSCP/IP-precedence value
Note that ACLs are also used as the building elements of flow-definitions for per-flow
QoS handling (see QoS Advanced Mode).
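The Python model below is an added example, not code from the device or its documentation. It shows how a rule built from these fields (protocol, addresses with wildcard masks, destination port, TCP flags, DSCP) is evaluated, and that non-IPv4 frames such as ARP are never checked. It assumes inverse wildcard masks (1 bits are ignored), first-match rule order and a default drop for unmatched IPv4 packets, none of which this page states; the rule and packet field names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
TCP, UDP = 6, 17
ANY = ("0.0.0.0", "255.255.255.255")  # every bit is "don't care"

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    # Assumed convention: a 1 bit in the wildcard mask means "ignore this bit".
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    proto: Optional[int] = None      # L4 protocol number; None matches any
    src: tuple = ANY                 # (address, wildcard mask)
    dst: tuple = ANY
    dst_port: Optional[int] = None   # compared only for TCP/UDP
    tcp_flags: int = 0               # TCP flag bits that must be set
    dscp: Optional[int] = None

    def matches(self, p: dict) -> bool:
        l4 = p["proto"] in (TCP, UDP)
        flags = p.get("flags", 0) if p["proto"] == TCP else 0
        return (self.proto in (None, p["proto"])
                and wildcard_match(p["src"], *self.src)
                and wildcard_match(p["dst"], *self.dst)
                and (self.dst_port is None or (l4 and p.get("dst_port") == self.dst_port))
                and (flags & self.tcp_flags) == self.tcp_flags
                and self.dscp in (None, p.get("dscp", 0)))

def evaluate(acl, frame: dict) -> str:
    if frame["ethertype"] != ETH_IPV4:
        return "not-checked"         # ARP and other non-IPv4 frames bypass the ACL
    for rule in acl:
        if rule.matches(frame):
            return rule.action       # assumption: first matching rule wins
    return "deny"                    # assumption: unmatched IPv4 packets are dropped

# Constructed sample ACL (addresses are illustrative).
ACL = [
    Rule("deny", TCP, src=("10.1.0.0", "0.0.255.255"), dst_port=22),
    Rule("permit", TCP, dst=("192.168.1.0", "0.0.0.255"), dst_port=443),
    Rule("permit", UDP, dscp=46),
]
```

Rule order matters under the first-match assumption: a host in 10.1.0.0 with wildcard 0.0.255.255 is denied SSH by the first rule even though a later rule might otherwise permit traffic to the same destination.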
The IP-based ACL Page enables:
- Displaying the rules of each ACL, along with the patterns to be matched in each header
field and the relevant action to take.
- Editing the selected ACL by adding/deleting rules, or by deleting the ACL itself.
- Adding ACLs to the system.
IPv6 ACLs are defined separately in the IPv6-based ACL Page.