Access Control
IPv6-based ACLs
Cisco Small Business 300 Series Managed Switch Administration Guide 243
17
• Source IP Address Value—Enter the IP address to which the source IP
address will be matched and its mask (if relevant).
• Source IP Prefix Length—Enter the prefix length of the source IP address.
• Destination IP Address—Select Any if all destination address are
acceptable or User defined to enter a destination address or a range of
destination addresses.
• Destination IP Address Value—Enter the IP address to which the
destination MAC address will be matched and its mask (if relevant).
• Destination IP Prefix Length—Enter the prefix length of the IP address.
• Source Port—Select one of the following:
- Any—Match to all source ports.
- Single—Enter a single TCP/UDP source port to which packets are
matched. This field is active only if 800/6-TCP or 800/17-UDP is selected
in the IP Protocol drop-down menu.
- Range—Select a range of TCP/UDP source ports to which the packet is
matched.
• Destination Port—Select one of the available values. (They are the same as
for the Source Port field described above).
NOTE You must specify the IPv6 protocol for the ACL before you can
configure the source and/or destination port.
• TCP Flags—Select one of more TCP flags with which to filter packets.
Filtered packets are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network security.
- Set—Match if the flag is SET.
- Unset—Match if the flag is Not SET.
- Don’t care—Ignore the TCP flag.
• Type of Service—The service type of the IP packet.
• ICMP—If the ACL is based on ICMP, select the ICMP message type that will
be used for filtering purposes. Either select the message type by name or
enter the message type number. If all message types are accepted, select
Any.
- Any—All message types are accepted.
To Next Page
Loading...
