Security
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch
To change the name of an IP ACL, select the check box next to the IP ACL ID field, update
the name, then click Apply.
IP Rules
Use the IP Rules screen to define rules for IP-based standard ACLs. The access list
definition includes rules that specify whether traffic matching the criteria is forwarded
normally or discarded.
Note: There is an implicit “deny all” rule at the end of an ACL list. This rule
means that if an ACL is applied to a packet and if none of the explicit
rules match, the final implicit “deny all” rule applies and the packet is
dropped.
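The implicit deny from the note above, combined with the wildcard-mask comparison used by the Source IP Mask field, modeled as an added Python example (not NETGEAR code). It assumes rules are checked in ascending Rule ID order with the first match deciding; the function names, rule dictionaries, and addresses are constructed for illustration.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_ip, rule_ip, wildcard):
    """Compare only the bits the wildcard mask marks as important (mask bit 0)."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(packet_ip) & care) == (_u32(rule_ip) & care)

def evaluate_acl(rules, src_ip):
    """Return (action, rule_id); rule_id is None when the implicit deny applied."""
    # Assumption: ascending Rule ID order, first matching rule decides.
    for rule in sorted(rules, key=lambda r: r["id"]):
        if not 1 <= rule["id"] <= 50:
            raise ValueError(f"rule ID {rule['id']} outside 1-50")
        if rule.get("match_every") or wildcard_match(src_ip, rule["src"], rule["mask"]):
            return rule["action"], rule["id"]
    return "deny", None  # no explicit rule matched

def drops_everything(rules):
    """An ACL with no permit rule drops all traffic because of the implicit deny."""
    return all(r["action"] == "deny" for r in rules)

# Constructed sample ACL (documentation address range 192.0.2.0/24).
SAMPLE_ACL = [
    {"id": 20, "action": "permit", "src": "192.0.2.0", "mask": "0.0.0.255"},
    {"id": 10, "action": "deny", "src": "192.0.2.66", "mask": "0.0.0.0"},
]

if __name__ == "__main__":
    for ip in ("192.0.2.66", "192.0.2.5", "198.51.100.7"):
        print(ip, evaluate_acl(SAMPLE_ACL, ip))
    print("deny-only ACL drops everything:", drops_everything(SAMPLE_ACL[1:]))
```

An ACL that contains only deny rules is worth flagging before it is bound to a port, since the implicit final rule means nothing is forwarded.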
To configure IP rules:
1. Select Security > ACL > Advanced > IP Rules.
2. From the ACL ID field, select the IP ACL for which to create or update a rule.
The valid range is 1–99.
3. Configure the following fields:
• Rule ID. Specify a number from 1 to 50 to identify the IP ACL rule. You can create up
to 50 rules for each ACL.
• Action. Select an ACL forwarding action:
   • Permit. Forwards packets which meet the ACL criteria.
   • Deny. Drops packets which meet the ACL criteria.
• Logging. When set to Enable, logging is enabled for this ACL rule (subject to
resource availability in the device). If the access list trap flag is also enabled, this
causes periodic traps to be generated indicating the number of times this rule was hit
during the current report interval. A fixed 5-minute report interval is used for the entire
system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This
field is available for a deny action.
• Match Every. Requires a packet to match the criteria of this ACL. Select Enable or
Disable. Match Every is exclusive to the other filtering rules, so if Match Every is
enabled, the other rules on the screen are not available.
• Source IP Address. Requires a packet’s source IP address to match the address
listed here. Enter an IP address using dotted-decimal notation. The address you enter
is compared to a packet's source IP address.
• Source IP Mask. Specifies the source IP address wildcard mask. Wildcard masks
determine which bits are used and which bits are ignored. A wildcard mask of
255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0
indicates that all of the bits are important. Wildcard masking for ACLs operates
differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet