Access Control
IPv6-Based ACL Creation
408 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
22
• Destination IP Address Value—Enter the IP address to which the destination MAC
address is matched and its mask (if relevant).
• Destination IP Prefix Length—Enter the prefix length of the IP address.
• Source Port—Select one of the following:
- Any—Match to all source ports.
- Select from list—Select a single TCP/UDP source port to which packets are
matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP
Protocol drop-down menu.
- By number—Enter a single TCP/UDP source port to which packets are matched.
This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol
drop-down menu.
• Destination Port—Select one of the available values. They are the same as for the
Source Port field described above.
NOTE You must specify the IPv6 protocol for the ACL before you can configure the
source and/or destination port.
• Flow Label—Classifies IPv6 traffic based on a IPv6 Flow label field. This is a 20-bit
field that is part of the IPv6 packet header. An IPv6 flow label can be used by a source
station to label a set of packets belonging to the same flow. Select Any if all flow labels
are acceptable or select User defined and then enter a specific flow label to be accepted
by the ACL.
• TCP Flags—Select one or more TCP flags with which to filter packets. Filtered packets
are either forwarded or dropped. Filtering packets by TCP flags increases packet
control, which increases network security. For each type of flag, select one of the
following options:
- Set—Match if the flag is SET.
- Unset—Match if the flag is Not SET.
- Don’t care—Ignore the TCP flag.
• Type of Service—The service type of the IP packet.
- Any—Any service type
- DSCP to Match—Differentiated Serves Code Point (DSCP) to match
To Next Page
Loading...
