Protection from unauthorized access
Basic - L3P, Release 3.1, 06/07
6.6 Access Control Lists (ACL)
The order in which the rules of a list are defined, and the order in which these lists are attached to an interface, determine the order in which the rules and lists are evaluated (see "Specifying the sequence of the rules" on page 100).
Note:
With Power MICE and MACH 4000, each interface can use either MAC-based or IP-based ACLs, but not both at the same time.
With MACH 4002-24G/48G, each interface can use both MAC-based and IP-based ACLs.
6.6.1 Description of IP-based ACLs
The switch distinguishes between standard and extended IP-based ACLs by their ID number (ACL ID):
- ACL IDs 1 to 99 are standard IP-based ACLs,
- ACL IDs 100 to 199 are extended IP-based ACLs.
Standard IP-based ACLs provide the following criteria for filtering:
- IP source address with network mask
- All data packets (match every)
Extended IP-based ACLs provide the following criteria for filtering:
- All data packets (every)
- Protocol number or protocol keyword (IP, ICMP, IGMP, TCP, UDP)
- IP source address with network mask, or all IP source addresses (any)
- Layer 4 source port (UDP port or TCP port)
- IP destination address with network mask, or all IP destination addresses (any)
- Layer 4 destination port (UDP port or TCP port)
- TOS field with mask
- DSCP field
- IP precedence field
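The following Python model is an added example and not code from the Hirschmann manual or the switch firmware. It models the two ACL types described above: the ACL ID selects standard (1 to 99, source address with mask only) or extended (100 to 199, protocol, source and destination with mask, Layer 4 ports, DSCP), rules are checked in the order they were added, lists are checked in the order they were attached to the interface, and the first match decides. The `Packet`, `Rule` and `AccessList` names, the address spec syntax, and the default action taken when no rule matches are assumptions of this example; TOS mask and IP precedence are left out for brevity.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Protocol keywords the manual lists for extended ACLs; "ip" matches every protocol.
PROTOCOLS = {"ip": None, "icmp": 1, "igmp": 2, "tcp": 6, "udp": 17}


@dataclass
class Packet:
    src: str
    dst: str
    proto: int            # IP protocol number (6 = TCP, 17 = UDP, ...)
    sport: int = 0        # Layer 4 source port (TCP/UDP only)
    dport: int = 0        # Layer 4 destination port
    dscp: int = 0


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "any"              # "any" or "addr/mask" (dotted mask or prefix length)
    dst: str = "any"
    proto: str = "ip"             # keyword from PROTOCOLS
    sport: Optional[int] = None   # None = any port
    dport: Optional[int] = None
    dscp: Optional[int] = None    # None = any DSCP value

    def matches(self, p: Packet) -> bool:
        if not _addr_matches(self.src, p.src) or not _addr_matches(self.dst, p.dst):
            return False
        want = PROTOCOLS[self.proto]
        if want is not None and want != p.proto:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return self.dscp is None or self.dscp == p.dscp


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    # ipaddress accepts both "10.0.1.0/24" and "10.0.1.0/255.255.255.0"
    net = ipaddress.IPv4Network(spec, strict=False)
    return ipaddress.IPv4Address(addr) in net


class AccessList:
    """An ACL whose ID selects its type; rules are evaluated in insertion order."""

    def __init__(self, acl_id: int):
        if 1 <= acl_id <= 99:
            self.kind = "standard"
        elif 100 <= acl_id <= 199:
            self.kind = "extended"
        else:
            raise ValueError(f"ACL ID {acl_id} is outside 1-199")
        self.acl_id = acl_id
        self.rules: List[Rule] = []

    def add(self, rule: Rule) -> None:
        # A standard ACL may only filter on the source address, or match every packet.
        if self.kind == "standard" and (
            rule.dst != "any" or rule.proto != "ip" or rule.sport is not None
            or rule.dport is not None or rule.dscp is not None
        ):
            raise ValueError("standard ACL: only source address/mask is allowed")
        self.rules.append(rule)

    def lookup(self, p: Packet) -> Optional[Tuple[str, int]]:
        """Return (action, rule position) of the first matching rule, else None."""
        for i, rule in enumerate(self.rules, start=1):
            if rule.matches(p):
                return rule.action, i
        return None


def filter_packet(acls: List[AccessList], p: Packet, default: str = "deny") -> Tuple[str, str]:
    """Walk the lists in the order they were attached; the first list with a
    matching rule decides. `default` applies when nothing matches and is an
    assumption of this model, not a statement from the manual."""
    for acl in acls:
        hit = acl.lookup(p)
        if hit is not None:
            return hit[0], f"ACL {acl.acl_id} rule {hit[1]}"
    return default, "no match"


# Constructed sample configuration: a standard list that blocks one host, then an
# extended list that permits HTTP to a server and denies all other TCP to it.
std = AccessList(10)
std.add(Rule("deny", src="192.168.1.50/255.255.255.255"))
ext = AccessList(120)
ext.add(Rule("permit", src="192.168.1.0/24", dst="10.0.0.5/32", proto="tcp", dport=80))
ext.add(Rule("deny", src="192.168.1.0/24", dst="10.0.0.5/32", proto="tcp"))
INTERFACE_ACLS = [std, ext]

if __name__ == "__main__":
    for pkt in (Packet("192.168.1.50", "10.0.0.5", 6, 40000, 80),
                Packet("192.168.1.20", "10.0.0.5", 6, 40001, 80),
                Packet("192.168.1.20", "10.0.0.5", 6, 40002, 22)):
        print(pkt.src, "->", pkt.dst, filter_packet(INTERFACE_ACLS, pkt))
```

Swapping the two rules of ACL 120 turns the HTTP permit into a deny, because the broader TCP deny is then reached first; that is the sequence effect the paragraph above refers to, and it is why a standard list attached before an extended list can override the more specific rules of the latter.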