Cisco MGX-FRSM-HS2 B Serial Frame Service Module Technical Manual

ACL is applied to an interface and does not specifically allow return traffic back through, the
return traffic is denied by the implicit deny any any at the end of the ACL list.
• Source IP Address and Mask: Defines the source IP addresses from a single host to multiple
  subnets, which depends on the mask. The mask is used in conjunction with an IP address in order to
  determine which bits in an IP address should be ignored when that IP address is compared with the IP
  address in the packet.

  Note: Masks in a WLC ACL are not like the wildcard or inverse masks used in Cisco IOS® ACLs. In
  controller ACLs, 255 means match the octet in the IP address exactly, while 0 is a wildcard. The
  address and mask are combined bit by bit.

  ♦ A mask bit 1 means check the corresponding bit value. The specification of 255 in the mask
    indicates the octet in the IP address of the packet that is inspected must match exactly with
    the corresponding octet in the ACL address.
  ♦ A mask bit 0 means do not check (ignore) that corresponding bit value. The specification of 0
    in the mask indicates the octet in the IP address of the packet that is inspected is ignored.
  ♦ 0.0.0.0/0.0.0.0 is equivalent to Any IP Address (0.0.0.0 as the address and 0.0.0.0 as the
    mask).

• Destination IP Address and Mask: Follows the same mask rules as the source IP address and mask.

• Protocol: Specifies the protocol field in the IP packet header. Some of the protocol numbers are
  translated for customer convenience and are defined in the pull-down menu. The different values are:

  ♦ Any (all protocol numbers are matched)
  ♦ TCP (IP protocol 6)
  ♦ UDP (IP protocol 17)
  ♦ ICMP (IP protocol 1)
  ♦ ESP (IP protocol 50)
  ♦ AH (IP protocol 51)
  ♦ GRE (IP protocol 47)
  ♦ IP (IP protocol 4 IP-in-IP [CSCsh22975])
  ♦ Eth Over IP (IP protocol 97)
  ♦ OSPF (IP protocol 89)
  ♦ Other (Specify)

  The Any value matches any protocol in the IP header of the packet. This is used to completely block
  or allow IP packets to/from specific subnets. Select IP to match IP-in-IP packets. Common selections
  are UDP and TCP, which provide for setting specific source and destination ports. If you select Other,
  you can specify any of the IP packet protocol numbers defined by IANA.

• Src Port: Can only be specified for the TCP and UDP protocols. 0-65535 is equivalent to Any port.

• Dest Port: Can only be specified for the TCP and UDP protocols. 0-65535 is equivalent to Any port.

• Differentiated Services Code Point (DSCP): Allows you to specify specific DSCP values to match
  in the IP packet header. The choices in the pull-down menu are specific or Any. If you configure
  specific, you indicate the value in the DSCP field. For example, values from 0 to 63 can be used.

• Action: The 2 actions are deny or permit. Deny blocks the specified packet. Permit forwards the
  packet.
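The mask rules and the implicit deny described above, worked through as an added example (this is not code from the Cisco document). It shows what happens when an IOS-style wildcard mask is entered into a controller ACL, and why return traffic is dropped when no rule permits it. The function names, the rule layout and the sample addresses are constructed for illustration; first-match rule ordering is assumed, and ports, DSCP and ACL direction are left out.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wlc_match(packet_ip, acl_addr, acl_mask):
    """WLC semantics: mask bit 1 = compare this bit, mask bit 0 = ignore it."""
    mask = to_int(acl_mask)
    return (to_int(packet_ip) & mask) == (to_int(acl_addr) & mask)

def ios_wildcard_to_wlc_mask(wildcard):
    """An IOS wildcard (bit 1 = ignore) is the bitwise inverse of a WLC mask."""
    return str(ipaddress.IPv4Address(to_int(wildcard) ^ 0xFFFFFFFF))

def evaluate(rules, src, dst, proto):
    """Return the action of the first matching rule (assumed ordering).

    A packet that matches no rule hits the implicit 'deny any any'.
    """
    for rule in rules:
        if (wlc_match(src, rule["src"], rule["src_mask"])
                and wlc_match(dst, rule["dst"], rule["dst_mask"])
                and rule["proto"] in ("any", proto)):
            return rule["action"]
    return "deny"

# Constructed sample ACL: clients in 10.1.1.0/24 may open TCP to one server.
# There is deliberately no rule for the server-to-client direction.
RULES = [
    {"src": "10.1.1.0", "src_mask": "255.255.255.0",
     "dst": "192.168.5.10", "dst_mask": "255.255.255.255",
     "proto": "tcp", "action": "permit"},
]

if __name__ == "__main__":
    # Correct WLC mask: the whole 10.1.1.x subnet matches.
    print(wlc_match("10.1.1.57", "10.1.1.0", "255.255.255.0"))
    # IOS wildcard typed into a WLC ACL: only the last octet is compared,
    # so the intended host is missed and an unrelated address matches.
    print(wlc_match("10.1.1.57", "10.1.1.0", "0.0.0.255"))
    print(wlc_match("172.16.9.0", "10.1.1.0", "0.0.0.255"))
    print(ios_wildcard_to_wlc_mask("0.0.0.255"))
    # Forward traffic is permitted; the reply falls to the implicit deny.
    print(evaluate(RULES, "10.1.1.57", "192.168.5.10", "tcp"))
    print(evaluate(RULES, "192.168.5.10", "10.1.1.57", "tcp"))
```

When reviewing a controller ACL migrated from IOS, any mask with leading zero octets and a trailing 255 is worth checking against this inversion.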
ACL Rules and Limitations
Limitations of WLC Based ACLs
These are the limitations of WLC-based ACLs:

• You cannot see what ACL line was matched by a packet (refer to Cisco bug ID CSCse36574
  (registered customers only)).