Managing Device Security
283
S3300 Smart Managed Pro Switch
Figure 102. Extended ACL Rule Configuration
4. Next to Sequence Number, specify a number in the range of 1 to 2147483647 to identify
the IP ACL rule.
You can create up to 50 rules for each ACL.
5. Select or
specify values for one or more of the following match criteria:
• Action. Sele
ct the ACL forwarding action, which is one of the following:
- Permit. Forwards p
ackets which meet the ACL criteria.
- Deny. Drop
s packets which meet the ACL criteria.
• Egres
s Queue. Specify the hardware egress queue identifier used to handle all
packets matching this ACL rule.
• Match Every. Requir
e a packet to match the criteria of this ACL. Select True or False
from the drop-down menu. Match Every is exclusive to the other filtering rules, so if
Match Every is True, the other rules on the screen are not available.
• Protoc
ol Type. Require a packet’s protocol to match the protocol listed here. Select a
type from the drop-down menu or enter the protocol number in the available field.
• Src IP Addres
s. Require a packet’s source IP address to match the address listed
here. Type an IP Address in the appropriate field using dotted-decimal notation. The
address you enter is compared to a packet’s source IP Address.
• Src IP Mask.
Specify the source IP address wildcard mask. Wild card masks
determines which bits are used and which bits are ignored. A wild card mask of
255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that
all of the bits are important. Wildcard masking for ACLs operates differently from a
subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For
example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type
To Next Page
Loading...
