Chapter 12 | Security Measures
Access Control Lists
– 328 –
Configuring an Extended IPv4 ACL
Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure
an Extended IPv4 ACL.
Parameters
These parameters are displayed:
◆ Type – Selects the type of ACLs to show in the Name list.
◆ Name – Shows the names of ACLs matching the selected type.
◆ Action – An ACL can contain any combination of permit or deny rules.
◆ Source/Destination Address Type – Specifies the source or destination IP
address type. Use “Any” to include all possible addresses, “Host” to specify a
specific host address in the Address field, or “IP” to specify a range of addresses
with the Address and Subnet Mask fields. (Options: Any, Host, IP; Default: Any)
◆ Source/Destination IP Address – Source or destination IP address.
◆ Source/Destination Subnet Mask – Subnet mask for source or destination
address. (See the description for Subnet Mask on page 326.)
◆ Source/Destination Port – Source/destination port number for the specified
protocol type. (Range: 0-65535)
◆ Source/Destination Port Bit Mask – Decimal number representing the port
bits to match. (Range: 0-65535)
◆ Protocol – Specifies the protocol type to match as TCP, UDP or Others, where
“Others” indicates a specific protocol number (0-255). (Options: TCP, UDP, Others;
Default: Others)
◆ Service Type – Packet priority settings based on the following criteria:
■ Precedence – IP precedence level. (Range: 0-7)
■ DSCP – DSCP priority level. (Range: 0-63)
◆ Control Code – Decimal number (representing a bit string) that specifies flag
bits in byte 14 of the TCP header. (Range: 0-63)
◆ Control Code Bit Mask – Decimal number representing the code bits to match.
(Range: 0-63)
The control bit mask is a decimal number (for an equivalent binary bit mask)
that is applied to the control code. Enter a decimal number, where the
equivalent binary bit “1” means to match a bit and “0” means to ignore a bit.
The following bits may be specified:
■ 1 (fin) – Finish
■ 2 (syn) – Synchronize
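The following Python sketch is an added example, not taken from the switch documentation or firmware. It shows how a control code and bit mask pair selects TCP flags, so a rule can be checked before it is entered. The function names are hypothetical, the flag values other than fin and syn are the standard TCP header bits, and it assumes code bits outside the mask are ignored.

```python
# Added example: how a control code / bit mask pair selects TCP flags.
# FIN=1 and SYN=2 are listed on the page; the other four values are the
# standard TCP header flag bits, which fit the stated 0-63 range.
TCP_FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


def check_range(name, value, upper=63):
    """Reject values outside the range the parameter accepts."""
    if not isinstance(value, int) or not 0 <= value <= upper:
        raise ValueError(f"{name} must be an integer in 0-{upper}, got {value!r}")
    return value


def masked_match(field, code, mask):
    """Mask bit 1 = compare this bit with the code, mask bit 0 = ignore it."""
    # Assumption: code bits that fall outside the mask are ignored.
    return (field & mask) == (code & mask)


def describe(code, mask):
    """Translate a code/mask pair into must-be-set, must-be-clear, ignored."""
    check_range("control code", code)
    check_range("bit mask", mask)
    out = {"set": [], "clear": [], "ignored": []}
    for name, bit in TCP_FLAGS.items():
        if not mask & bit:
            out["ignored"].append(name)
        elif code & bit:
            out["set"].append(name)
        else:
            out["clear"].append(name)
    return out


def rule_matches(tcp_flags, code, mask):
    """True if a segment's flag bits satisfy the rule's code and mask."""
    check_range("control code", code)
    check_range("bit mask", mask)
    return masked_match(tcp_flags & 63, code, mask)


if __name__ == "__main__":
    # Constructed segments: flag values are sums of the bits above.
    segments = {"SYN": 2, "SYN+ACK": 18, "ACK": 16, "FIN+ACK": 17}
    # Code 2 with mask 18 (syn + ack): SYN must be set and ACK clear,
    # so only a connection-opening segment matches.
    print(describe(2, 18))
    for label, flags in segments.items():
        print(f"{label:8} code=2 mask=18 -> {rule_matches(flags, 2, 18)}")
    # Code 2 with mask 2: only SYN is examined, so SYN+ACK matches too.
    print("SYN+ACK code=2 mask=2 ->", rule_matches(18, 2, 2))
```

A mask that covers only the syn bit also matches the SYN+ACK reply of an established handshake, so a rule meant to act on new connection attempts only needs the ack bit in the mask as well.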