3com 2928 User Guide

1-8

Table 1-7

describes the configuration items for creating a rule for an advanced IPv4 ACL.

Table 1-7

Configuration items for an advanced IPv4 ACL rule

Item

Description

Select Access Control List (ACL)

Select the advanced IPv4 ACL for which you want to

configure rules.
Available ACLs are advanced IPv4 ACLs that have

been configured.

Rule ID

Select the Rule ID option and type a number for the

rule.
If you do not specify the rule number, the system will

assign one automatically.

Operation

Select the operation to be performed for packets

matching the rule.

Permit

: Allows matched packets to pass.

Deny

: Drops matched packets.

Check Fragment

Select this option to apply the rule to only non-first

fragments.
If you do no select this option, the rule applies to all

fragments and non-fragments.

Check Logging

Select this option to keep a log of matched packets.
A log entry contains the ACL rule number, operation

for the matched packets, protocol that IP carries,

source/destination address, source/destination port

number, and number of matched packets.

Source IP Address

Source Wildcard

Select the Source IP Address option and type a

source IPv4 address and a source wildcard mask, in

dotted decimal notation.

Destination IP Address

IP Address

Filter

Destination Wildcard

Select the Source IP Address option and type a

source IP address and a source wildcard mask, in

dotted decimal notation.

Protocol

Select the protocol to be carried by IP.
If you select 1 ICMP, you can configure the ICMP

message type and code; if you select 6 TCP or 17
UDP

, you can configure the TCP or UDP port.

Named ICMP Type

ICMP Type

ICMP Code

Specify the ICMP message type and code.
These items are available only when you select 1
ICMP

from the Protocol drop-down box.

If you select Other from the Named ICMP Type

drop-down box, you need to type values in the ICMP
Type

and ICMP Code fields. Otherwise, the two

fields will take the default values, which cannot be

changed.