|
ACL Name
|
Displays the name of the ACL to which an ACE is being added.
|
|
Priority
|
Enter the priority. ACEs with higher priority are processed first.
|
|
Action
|
Select the action assigned to the packet matching the ACE from the following options:
-
Permit—Forward packets that meet the ACE criteria.
-
Deny—Drop packets that meet the ACE criteria.
-
Shutdown—Drop packets that meet the ACE criteria, and disable the port to which the packets addressed.
|
|
Protocol
|
Select to create an ACE based on a specific protocol from the following options:
-
TCP—Transmission Control Protocol Enables two hosts to communicate and exchange data streams TCP guarantees packet delivery, and guarantees that packets are transmitted and received in the order they sent.
-
UDP—User Datagram Protocol Transmits packets but doesn’t guarantee their delivery.
-
ICMPv6—Matches packets to the Internet Control Message Protocol (ICMP).
Or
-
Protocol ID to Match—Enter the ID of the protocol to be matched.
|
|
Source IP Address
|
Select Any if all source addresses are acceptable or User defined to enter a source address or range of source addresses.
|
|
Source IP Address Value
|
Enter the IP address to which the source IP address is to be matched and its mask (if relevant).
|
|
Source IP Prefix Length
|
Enter the prefix length of the source IP address.
|
|
Destination IP Address
|
Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.
|
|
Destination IP Address Value
|
Enter the IP address to which the destination MAC address is matched and its mask (if relevant).
|
|
Destination IP Prefix Length
|
Enter the prefix length of the IP address.
|
|
Source Port
|
Select one of the following
-
Any—Match to all source ports.
-
Single from list—Select a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
-
By number—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
|
|
Destination Port
|
Select one of the available values. They are the same as for the Source Port field described above.
Note |
You must specify the IPv6 protocol for the ACL before you can configure the source and/or destination port.
|
|
|
TCP Flags
|
Select one or more TCP flags with which to filter packets. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. For each type of flag, select one of the following options:
-
Set—Match if the flag is SET.
-
Unset—Match if the flag is Not SET.
-
Don’t care—Ignore the TCP flag.
|
|
Type of Service
|
The service type of the IP packet.
-
Any—Any service type
-
DSCP to match—Differentiated Serves Code Point (DSCP) to match.
-
IP Precedence to match—IP precedence is a model of TOS (type of service) that the network uses to help provide the appropriate QoS commitments. This model uses the 3 most significant bits of the service type byte in the IP header, as described in RFC 791 and RFC 1349.
|
|
ICMP
|
If the ACL is based on ICMP, select the ICMP message type that is used for filtering purposes. Either select the message type by name or enter the message type number. If all message types are accepted, select Any.
-
Any—All message types are accepted.
-
Select from list—Select message type by name from the drop-down list.
-
ICMP Type to Match—Number of message types that is to be used for filtering purposes.
|
|
ICMP Code
|
The ICMP messages may have a code field that indicates how to handle the message. Select one of the following options, to configure whether to filter on this code:
|