Configuration Guide Configuring ACL
Source IP address field (All source IP address values can be specified, or a subnet can be used to define a type of data flow.)
Destination IP address field (All destination IP address values can be specified, or a subnet can be used to define a type of data flow.)
Protocol type field
Layer 4 (L4) fields:
  Either a TCP source or destination port is specified, or both are specified, or a range of source or destination ports is specified.
  Either a UDP source or destination port is specified, or both are specified, or a range of source or destination ports is specified.
Filtering fields refer to the fields in packets that can be used to identify or classify packets when an ACE is generated. A
filtering field template is a combination of these fields. For example, when an ACE is generated, packets are identified and
classified based on the destination IP address field in each packet; when another ACE is generated, packets are identified
and classified based on the source IP address field and UDP source port field in each packet. The two ACEs use different
filtering field templates.
Rules refer to values of fields in the filtering field template of an ACE. For example, the content of an ACE is as follows:
permit tcp host 192.168.12.2 any eq telnet
In this ACE, the filtering field template is a combination of the following fields: source IP address field, IP protocol field, and
TCP destination port field. The corresponding values (rules) are as follows: source IP address = Host 192.168.12.2; IP
protocol = TCP; TCP destination port = Telnet.
Figure 11-2 Analysis of the ACE: permit tcp host 192.168.12.2 any eq telnet
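The following Python example is added here for illustration and is not part of this guide or of the device software. It splits an extended ACE into its filtering field template and its rules, and shows that a field set to any adds nothing to the template. The accepted grammar subset (any, host <address>, <address> <wildcard>, eq, range), the function names and the second ACE are assumptions made for the example.

```python
import ipaddress

PORT_NAMES = {"telnet": 23}  # only the port name that appears on this page

def _address(tokens, side, rules):
    """Consume one address spec. 'any' contributes no field to the template."""
    tok = tokens.pop(0)
    if tok == "any":
        return
    if tok == "host":
        rules[f"{side} IP address"] = f"host {ipaddress.IPv4Address(tokens.pop(0))}"
    else:  # assumed subnet form: <address> <wildcard mask>
        wildcard = ipaddress.IPv4Address(tokens.pop(0))
        rules[f"{side} IP address"] = f"{ipaddress.IPv4Address(tok)} wildcard {wildcard}"

def _port(tokens, proto, side, rules):
    """Consume an optional 'eq <port>' or 'range <low> <high>' (TCP/UDP only)."""
    if proto not in ("tcp", "udp") or not tokens or tokens[0] not in ("eq", "range"):
        return
    count = 1 if tokens.pop(0) == "eq" else 2
    ports = [int(PORT_NAMES.get(p, p)) for p in (tokens.pop(0) for _ in range(count))]
    if any(not 0 <= p <= 65535 for p in ports):
        raise ValueError("port out of range")
    rules[f"{proto.upper()} {side} port"] = "-".join(map(str, ports))

def parse_ace(text):
    """Return (action, template, rules) for one extended ACE."""
    tokens = text.split()
    rules = {}
    try:
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if proto != "ip":  # 'ip' matches every protocol, so it adds no field
            rules["IP protocol"] = proto.upper()
        for side in ("source", "destination"):
            _address(tokens, side, rules)
            _port(tokens, proto, side, rules)
    except IndexError:
        raise ValueError(f"truncated ACE: {text!r}") from None
    if tokens:
        raise ValueError(f"unexpected tokens: {tokens}")
    return action, frozenset(rules), rules

if __name__ == "__main__":
    for ace in ("permit tcp host 192.168.12.2 any eq telnet",  # from the page
                "deny udp host 192.168.12.3 eq 69 any"):       # constructed
        action, template, rules = parse_ace(ace)
        print(action, sorted(template), rules)
```

Comparing the returned template sets of two ACEs shows whether they use the same filtering field template, independent of the rule values.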
A filtering field template can be a combination of L3 and L4 fields, or a combination of multiple L2 fields. The filtering
field template of a standard or an extended ACL, however, cannot be a combination of L2 and L3 fields, a combination