Cisco Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch 관리 매뉴얼
ACL
ACL Rule
Cisco WAP131 and WAP351 Administration Guide
143
8
•
ACL Name - ACL Type—Choose the ACL to configure with the new rule.
•
Rule—Choose New Rule to configure a new rule for the selected ACL. When
an ACL has multiple rules, the rules are applied to the packet or frame in the
order in which you add them to the ACL. There is an implicit deny all rule as
the final rule.
an ACL has multiple rules, the rules are applied to the packet or frame in the
order in which you add them to the ACL. There is an implicit deny all rule as
the final rule.
•
Action—Choose whether the ACL rule permits or denies an action.
When you choose Permit, the rule allows all traffic that meets the rule
criteria to enter the WAP device. Traffic that does not meet the criteria is
dropped.
criteria to enter the WAP device. Traffic that does not meet the criteria is
dropped.
When you choose Deny, the rule blocks all traffic that meets the rule criteria
from entering the WAP device. Traffic that does not meet the criteria is
forwarded unless this rule is the final rule. Because there is an implicit deny
all rule at the end of every ACL, traffic that is not explicitly permitted is
dropped.
from entering the WAP device. Traffic that does not meet the criteria is
forwarded unless this rule is the final rule. Because there is an implicit deny
all rule at the end of every ACL, traffic that is not explicitly permitted is
dropped.
•
Match Every Packet—If enabled, the rule, which either has a permit or deny
action, matches the frame or packet regardless of its contents. If you enable
this feature, you cannot configure any additional match criteria. This option is
selected by default for a new rule. You must disable the option to configure
other match fields.
action, matches the frame or packet regardless of its contents. If you enable
this feature, you cannot configure any additional match criteria. This option is
selected by default for a new rule. You must disable the option to configure
other match fields.
•
EtherType—Choose to compare the match criteria against the value in the
header of an Ethernet frame. You can select an EtherType keyword or enter
an EtherType value to specify the match criteria.
header of an Ethernet frame. You can select an EtherType keyword or enter
an EtherType value to specify the match criteria.
-
Select from List—Choose one of these protocol types: appletalk, arp,
ipv4, ipv6, ipx, netbios, pppoe.
ipv4, ipv6, ipx, netbios, pppoe.
-
Match to Value—Enter a custom protocol identifier to which packets are
matched. The value is a four-digit hexadecimal number in the range of
0600 to FFFF.
matched. The value is a four-digit hexadecimal number in the range of
0600 to FFFF.
•
Class of Service—Enter an 802.1p user priority to compare against an
Ethernet frame. The valid range is from 0 to 7. This field is located in the first/
only 802.1Q VLAN tag.
Ethernet frame. The valid range is from 0 to 7. This field is located in the first/
only 802.1Q VLAN tag.
•
Source MAC—Requires the packet's source MAC address to match the
address defined in the appropriate fields.
address defined in the appropriate fields.
-
Source MAC Address—Enter the source MAC address to compare
against an Ethernet frame.
against an Ethernet frame.
-
Source MAC Mask—Enter the source MAC address mask specifying
which bits in the source MAC to compare against an Ethernet frame.
which bits in the source MAC to compare against an Ethernet frame.