Access Control
IPv4-based ACL Creation
577 Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
26
NOTE Given a mask of 0000 0000 0000 0000 0000 0000 1111 1111 (which means that
you match on the bits where there is 0 and don't match on the bits where there are 1's).
You need to translate the 1's to a decimal integer and you write 0 for each four zeros. In
this example since 1111 1111 = 255, the mask would be written: as 0.0.0.255.
• Source MAC Address—Select Any if all source address are acceptable or User defined
to enter a source address or range of source addresses.
• Source MAC Address Value—Enter the MAC address to which the source MAC
address is to be matched and its mask (if relevant).
• Source MAC Wildcard Mask—Enter the mask to define a range of MAC addresses.
• VLAN ID—Enter the VLAN ID section of the VLAN tag to match.
• 802.1p—Select Include to use 802.1p.
• 802.1p Value—Enter the 802.1p value to be added to the VPT tag.
• 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.
• Ethertype—Enter the frame Ethertype to be matched.
STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.
IPv4-based ACL Creation
IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs,
are not checked.
The following fields can be matched:
• IP protocol (by name for well-known protocols, or directly by value)
• Source/destination ports for TCP/UDP traffic
• Flag values for TCP frames
• ICMP and IGMP type and code
• Source/destination IP addresses (including wildcards)
• DSCP/IP-precedence value
NOTE ACLs are also used as the building elements of flow definitions for per-flow QoS handling.
To Next Page
Loading...
