Manage Device Security
610
M4300 Series and M4300-96X Fully Managed Switches User Manual
of configuring other match criteria is not available. To configure specific match criteria
for the rule, remove the rule and recreate it, or select False from the Match Every
menu.
• Protocol Type. Specify the IPv6 protocol
Type in one of the following ways:
- From the Protocol Type menu, select
IPv6, TCP, UDP, or ICMPv6.
- From the Protocol Type menu, select
Other, and in the associated field, specify
an integer ranging from 1 to 255. This number represents the IPv6 protocol.
• TCP Flag. For each TCP flag, specify whether or not a packet’
s TCP flag must be
matched. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. You can set
each TCP flag separately to one of the following options:
- Ignore. The packet’
s TCP flag is ignored. This is the default setting.
- Set (+). A packet matches this
ACL rule if the TCP flag in this packet is set.
- Clear (-). A packet matches this
ACL rule if the TCP flag in this packet is not set.
Note: If the RST and ACK flags are set, the option Established is available,
indicating that a match occurs if either the RST- or ACK-specified bits
are set in the packet’s header.
• Src. In the Src field, enter a source IPv6 address to be compared to a packet’
s
source IPv6 address as a match criteria for the selected IPv6
ACL rule:
- If you select the IPv6 Address radio button, enter an IPv6 address to apply this
criteria. If this field is left empty, it means
any.
- If you select the Host radio button, enter a host source IPv6 address to match the
specified IPv6 address. If this field is left empty, it means
any.
The source IPv6 address argument must be in the form documented in RFC 2373
where the address is specified in hexadecimal using 16-bit values between colons.
• Src L4. The options are available only when protocol is set to TCP or UDP. Use the
source L4 port option to specify relevant matching conditions for L4 port numbers in
the extended ACL rule.
You can select either the Port radio button or the Range radio button:
- If you select the Port radio button, you can either select port key from the menu
or enter the port number yourself.
• The source IP TCP port names are bgp, domain, echo, ftp, ftpdata, http, smtp,
snmp,
Telnet, www, pop2, pop3.
• The source IP UDP port names are domain, echo, ntp, rip, snmp, tftp, time,
who.
Each of these values translates into its equivalent port number, which is used as
both the start and end of the port range.
Select Other from the menu to enter a port number. If you select
Other from the
menu but leave the field blank, it means any.
To Next Page
Loading...
