Configuring Device Security
Defining Access Control
Cisco Small Business SFE/SGE Managed Switches Administration Guide
• TCP Flags — Filters packets by TCP flag. Filtered packets are either forwarded
or dropped. Filtering packets by TCP flags increases packet control, which
increases network security. The possible field values are:
• ICMP — Indicates if ICMP packets are permitted on the network. The possible
field values are as follows:
• ICMP Code — Indicates an ICMP message code for filtering ICMP packets.
ICMP packets that are filtered by ICMP message type can also be filtered by
the ICMP message code.
• Source
- IP Address — Matches the source port IP address from which packets
are addressed to the ACE.
- Prefix Length — Matches the IP route prefix for the destination IP. The
prefix length must be preceded by a forward slash /.
• Destination
- IP Address — Matches the destination port IP address to which packets
are addressed to the ACE.
- Prefix Length — Matches the IP route prefix for the destination IP. The
prefix length must be preceded by a forward slash /.
• Traffic Class — Indicates the traffic class to which the packet is matched.
Select either Match DSCP or Match IP Precedence.
- Match DSCP — Matches the packet to the DSCP tag value.
- Match IP Precedence — Matches the packet IP Precedence value to the
ACE. Either the DSCP value or the IP Precedence value is used to match
packets to ACLs. The possible field range is 0-7.
• Action — Indicates the action assigned to the packet matching the ACL.
Packets are forwarded or dropped. In addition, the port can be shut down, a
trap can be sent to the network administrator, or the packet can be assigned
rate limiting restrictions for forwarding. The options are as follows:
- Permit — Forwards packets which meet the ACL criteria.
- Deny — Drops packets which meet the ACL criteria.
- Shutdown — Drops packets that meet the ACL criteria, and disables the
port to which the packets were addressed. Ports are reactivated from the
Port Management page.
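
The following is an added example, not taken from the Administration Guide or from Cisco: a small Python model of how the fields above combine when a packet is checked against an ACE. The names `Ace`, `evaluate`, `SAMPLE_ACL` and the packet dictionary keys are hypothetical, and first-match ordering with a default drop is an assumption of the sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    src: str                              # source "IP address/prefix length"
    dst: str                              # destination "IP address/prefix length"
    action: str                           # "permit", "deny" or "shutdown"
    icmp_code: Optional[int] = None       # ICMP Code; None = not filtered
    dscp: Optional[int] = None            # Match DSCP
    ip_precedence: Optional[int] = None   # Match IP Precedence, 0-7

    def __post_init__(self):
        if self.dscp is not None and self.ip_precedence is not None:
            raise ValueError("select either Match DSCP or Match IP Precedence")
        if self.ip_precedence is not None and not 0 <= self.ip_precedence <= 7:
            raise ValueError("IP Precedence range is 0-7")
        # ip_network() raises ValueError when host bits are set past the prefix
        self.src_net = ipaddress.ip_network(self.src)
        self.dst_net = ipaddress.ip_network(self.dst)

    def matches(self, pkt: dict) -> bool:
        dscp = pkt.get("dscp", 0)
        return (ipaddress.ip_address(pkt["src"]) in self.src_net
                and ipaddress.ip_address(pkt["dst"]) in self.dst_net
                and (self.icmp_code is None or pkt.get("icmp_code") == self.icmp_code)
                and (self.dscp is None or dscp == self.dscp)
                # IP Precedence is the top three bits of the six-bit DSCP field
                and (self.ip_precedence is None or dscp >> 3 == self.ip_precedence))

def evaluate(aces, pkt, disabled_ports):
    """Return the action of the first matching ACE. First-match order and the
    default "deny" are assumptions of this sketch, not stated on the page."""
    for ace in aces:
        if ace.matches(pkt):
            if ace.action == "shutdown":  # packet is dropped and its port disabled
                disabled_ports.add(pkt["port"])
            return ace.action
    return "deny"

# Constructed sample ACL (documentation address ranges)
SAMPLE_ACL = [
    Ace("10.1.0.0/16", "192.0.2.0/24", "permit", dscp=46),
    Ace("10.1.0.0/16", "192.0.2.0/24", "deny", ip_precedence=5),
    Ace("0.0.0.0/0", "192.0.2.10/32", "shutdown", icmp_code=3),
]
```

DSCP 46 and DSCP 40 both carry IP Precedence 5, so in the sample ACL the more specific DSCP entry has to come before the IP Precedence entry for the permit to take effect.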