
Hirschmann GigaLION-24TP - Configuring an Extended IP ACL

Access Control Lists (page 3-55)
Configuring an Extended IP ACL
Command Attributes
Action – An ACL can contain either all permit rules or all deny rules. (Default: Permit rules)
Src/Dst IP – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any)
Src/Dst Address – Source or destination IP address.
Src/Dst SubMask – Subnet mask for source or destination address. (See the description for SubMask on page 3-53.)
Service Type – Packet priority settings based on the following criteria:
- Precedence – IP precedence level. (Range: 0-7)
- TOS – Type of Service level. (Range: 0-15)
- DSCP – DSCP priority level. (Range: 0-64)
Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP)
Src/Dst Port – Source/destination port number for the specified protocol type. (Range: 0-65535)
Src/Dst Port Bitmask – Decimal number representing the port bits to match. (Range: 0-65535)
Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)
Control Bitmask – Decimal number representing the code bits to match.
The control bitmask is a decimal number (for an equivalent binary bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified:
- 1 (fin) – Finish
- 2 (syn) – Synchronize
- 4 (rst) – Reset
- 8 (psh) – Push
- 16 (ack) – Acknowledgement
- 32 (urg) – Urgent pointer
For example, use the code value and mask below to catch packets with the following flags set:
- SYN flag valid, use control-code 2, control bitmask 2
- Both SYN and ACK valid, use control-code 18, control bitmask 18
- SYN valid and ACK invalid, use control-code 2, control bitmask 18
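
The control-code and bitmask arithmetic above can be checked offline before a rule is entered on the switch. The following Python sketch is an added example, not part of the Hirschmann manual: it assumes a packet matches when its flag bits equal the control code on every bit the bitmask selects, which is consistent with the three examples listed. The function names and the sample packets are hypothetical and constructed for illustration.

```python
# TCP flag bit values as listed in the manual's Control Bitmask description.
FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


def build_rule(must_set=(), must_clear=()):
    """Return (control_code, control_bitmask) for flags that must be 1 / must be 0."""
    overlap = set(must_set) & set(must_clear)
    if overlap:
        raise ValueError(f"flag(s) both set and clear: {sorted(overlap)}")
    code = sum(FLAGS[f] for f in set(must_set))
    mask = code | sum(FLAGS[f] for f in set(must_clear))
    return code, mask


def check_rule(code, mask):
    """Return a list of problems with a code/bitmask pair (empty list = OK)."""
    problems = []
    for name, value in (("control-code", code), ("control bitmask", mask)):
        if not 0 <= value <= 63:
            problems.append(f"{name} {value} is outside the documented range 0-63")
    stray = code & ~mask & 63
    if stray:
        names = [n for n, bit in FLAGS.items() if stray & bit]
        problems.append(f"code bits {names} are not covered by the mask and are ignored")
    return problems


def matches(flags, code, mask):
    """Assumed semantics: flag bits equal the code on every bit the mask selects."""
    return (flags & mask) == (code & mask)


# Constructed sample packets (flag values only), not captured traffic.
SAMPLES = {"SYN": 2, "SYN+ACK": 18, "ACK": 16, "FIN+ACK": 17, "RST": 4}


def hits(code, mask):
    """Names of the sample packets that a code/bitmask pair would catch."""
    return [name for name, flags in SAMPLES.items() if matches(flags, code, mask)]


if __name__ == "__main__":
    for label, (code, mask) in {
        "SYN valid": (2, 2),
        "SYN and ACK valid": (18, 18),
        "SYN valid, ACK invalid": (2, 18),
    }.items():
        print(f"{label:24} code={code:2} mask={mask:2} -> {hits(code, mask)}")
```

Under this reading, code 2 with bitmask 2 also catches SYN+ACK replies, so a rule meant to match only connection initiations needs the ACK bit in the mask (code 2, bitmask 18).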
