When you choose Permit, the rule allows all traffic that meets the rule criteria to enter the WAP device. Traffic
that does not meet the criteria is dropped.
When you choose Deny, the rule blocks all traffic that meets the rule criteria from entering the WAP device. Traffic
that does not meet the criteria is forwarded unless this rule is the final rule. Because there is an implicit deny all
rule at the end of every ACL, traffic that is not explicitly permitted is dropped.
• Service (Protocol) — Uses a Layer 3 or Layer 4 protocol match condition based on the value of the IP Protocol
field. You can choose one of these options:
◦ All Traffic — Allows all traffic that meets the rule criteria
◦ Select From List — Choose one of these protocols: IP, ICMP, IGMP, TCP, or UDP.
◦ Custom — Enter a standard IANA-assigned protocol ID from 0 to 255. Choose this method to identify a
protocol not listed in the Select From List.
• Source IPv4 Address — Requires the packet's source IP address to match the address defined in the appropriate
fields.
◦ Any— Allows for any IP address.
◦ Single Address — Enter the IP address to apply this criteria.
◦ Address/Mask — Enter the source IP address wild card mask. The wild card mask determines which bits
are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important.
A wild card of 0.0.0.0 indicates that all bits are important. This field is required when the Source IP Address
is checked.
A wild card mask is basically the inverse of a subnet mask. For example, to match the criteria to a single host
address, use a wild card mask of 0.0.0.0. To match the criteria to a 24-bit subnet (for example, 192.168.10.0/24),
use a wild card mask of 0.0.0.255.
• Source Port — Includes a source port in the match condition for the rule. The source port is identified in the
datagram header
◦ All Traffic— Allows all traffic that meets the rule criteria.
◦ Select From List — Choose the keyword associated with the source port to match: ftp, ftpdata, http, smtp,
snmp, telnet, tftp, www. Each of these keywords translates into its equivalent port number.
◦ Custom — Enter the IANA port number to match to the source port identified in the datagram header. The
port range is 0 to 65535 and includes three different types of ports:
◦ 0 to 1023 — Well known ports
◦ 1024 to 49151 — Registered ports
◦ 49152 to 65535 — Dynamic and/or private port
• Destination IPv4 Address — Requires a packet's destination IP address to match the address defined in the
appropriate fields.
◦ Any — Enter any IP address.
◦ Single Address — Enter an IP address to apply this criteria.
Cisco WAP125 Wireless-AC/N Dual Band Desktop Access Point with PoE
67
Access Control
Configure IPv4 ACLs
To Next Page
Loading...
