Access Control
Configuring IPv4-Based ACEs
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 242
17
- Range—Select a range of TCP/UDP source ports to which the packet is
matched. There are eight different port ranges that can be configured
(shared between source and destination ports). TCP and UDP protocols
each have eight port ranges.
• Destination Port—Select one of the available values. (They are the same as
for the Source Port field.)
NOTE You must select an IP protocol for the ACE before you enter the source
and destination ports.
• TCP Flags—Select one or more TCP flags with which to filter packets.
Filtered packets are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network security.
-
Set
—Match if the flag is SET.
-
Unset
—Match if the flag is Not SET.
-
Don’t care
—Ignore the TCP flag.
• Type of Service—Select the service type of IP packets. The options are:
-
Any
—Any service type.
-
DSCP to match
—Differentiated Serves Code Point (DSCP) to match.
-
IP Precedence to match
—IP precedence is a model of TOS (type of
service) that the network uses to help provide the appropriate QoS
commitments. This model uses the 3 most significant bits of the service
type byte in the IP header, as described in RFC 791 and RFC 1349.
• ICMP—If the IP protocol of the ACL is ICMP, select the ICMP message type
used for filtering purposes. The options are:
-
Any (IP)
—All message types are accepted.
-
Select from list
—Select message type by name.
-
ICMP Type to match
—Enter the number of message type to be used for
filtering purposes.
• ICMP Code—The ICMP messages can have a code field that indicates how
to handle the message. Select Any to accept all codes, or select User
Defined to enter an ICMP code for filtering purposes.
To Next Page
Loading...
