3com 2924-PWR User Manual

CHAPTER 4: MANAGING DEVICE SECURITY
ICMP Code — Indicates the ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
IGMP Type — Indicates the IGMP message type filter.
Source Address — Matches the packet's source IP address to the ACL.
Source Mask — Indicates the source IP address mask.
Destination Address — Matches the destination IP address to which packets are addressed to the ACL.
Destination Mask — Indicates the destination IP address mask.
DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
IP - Prec. — Matches the packet IP precedence value to the ACL.
Action — Indicates the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or the packet can be assigned rate limiting restrictions for forwarding. The options are as follows:
Permit — Forwards packets which meet the ACL criteria.
Deny — Drops packets which meet the ACL criteria.
Shutdown — Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Administration Setup Page.
Defining IP Based ACLs
Access Control Lists (ACLs) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port with an active ACL are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications. The total number of ACEs that can be defined in all ACLs together is 256.
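The following Python model is an added example, not code from the manual or the switch firmware; it shows how an ACL built from ACEs with the fields above classifies an ingress packet, including the Shutdown action. It assumes that mask bits set to 1 must match (check the device's mask convention before copying values), that the first matching ACE decides, and that unmatched packets are dropped; the names Ace, ace_matches, evaluate and SAMPLE_ACL are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    action: str                     # "permit", "deny" or "shutdown"
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"       # assumption: set bits must match
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    dscp: Optional[int] = None      # 0-63
    ip_prec: Optional[int] = None   # 0-7

    def __post_init__(self):
        if self.action not in ("permit", "deny", "shutdown"):
            raise ValueError(f"unknown action {self.action!r}")
        if self.dscp is not None and self.ip_prec is not None:
            raise ValueError("match on DSCP or IP precedence, not both")

def _masked_eq(addr, want, mask):
    a, w, m = (int(ipaddress.IPv4Address(x)) for x in (addr, want, mask))
    return (a & m) == (w & m)

def ace_matches(ace, src, dst, dscp):
    # IP precedence is the top three bits of the six-bit DSCP value.
    return (_masked_eq(src, ace.src, ace.src_mask)
            and _masked_eq(dst, ace.dst, ace.dst_mask)
            and ace.dscp in (None, dscp)
            and ace.ip_prec in (None, dscp >> 3))

def evaluate(acl, src, dst, dscp, port_state):
    """Return the action for one ingress packet; 'shutdown' disables the port."""
    for ace in acl:  # assumption: first matching ACE wins
        if ace_matches(ace, src, dst, dscp):
            if ace.action == "shutdown":
                port_state["enabled"] = False
            return ace.action
    return "deny"  # assumption: unmatched packets are dropped

# Constructed sample ACL using documentation address ranges.
SAMPLE_ACL = [
    Ace("shutdown", src="198.51.100.7", src_mask="255.255.255.255"),
    Ace("deny", dst="192.0.2.0", dst_mask="255.255.255.0", ip_prec=5),
    Ace("permit", src="198.51.100.0", src_mask="255.255.255.0"),
]
```

Because a Shutdown ACE disables the whole ingress port until it is reactivated from the Port Administration Setup Page, keep its source filter as narrow as possible so that one matching packet does not cut off legitimate hosts on the same port.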