Справочник Пользователя для Cisco SRW208

 

•

Drops packets which meet the ACL criteria.

 

•

Drops  packet  that  meets  the  ACL 

criteria,  and  disables  the  port  to  which  the  packet 

was  addressed.  Ports  are  reactivated  from  the  Port 

Management screen.

Creates an ACE (Access Control Event) based on 

a specific protocol.

Selects  from  a  protocols  list  on  which 

ACE can be based. The possible field values are:

 

•

Matches the protocol to any protocol.

 

•

Indicates that the Enhanced Interior Gateway 

Routing  Protocol  (EIGRP)  is  used  to  classify  network 

flows.

 

•

Indicates  that  the  Internet  Control  Message 

Protocol (ICMP) is used to classify network flows.

 

•

Indicates that the Internet Group Management 

Protocol (IGMP) is used to classify network flows.

 

•

Indicates that the Transmission Control Protocol 

is used to classify network flows.

 

•

Matches the packet to the Open Shortest Path 

First (OSPF) protocol.

 

•

Indicates  that  the  User  Datagram  Protocol  is 

used to classify network flows.

Adds  user-defined  protocols  to 

which packets are matched to the ACE. Each protocol has 

a specific protocol number which is unique. The possible 

field range is 0-255. 

Filters  packets  by  TCP  flag.  Filtered  packets 

are either forwarded or dropped. Filtering packets by TCP 

flags  increases  packet  control,  which  increases  network 

security. The values that can be assigned are: 

 

•

Enables filtering packets by selected flags. 

 

•

Disables filtering packets by selected flags. 

 

•

Indicates  that  selected  packets  do  not 

influence the packet filtering process.

The TCP Flags that can be selected are:

Indicates the packet is urgent.

Indicates the packet is acknowledged.

Indicates the packet is pushed.

Indicates the connection is dropped.

Indicates request to start a session.

Indicates request to close a session. 

Defines the TCP/UDP source port to which 

the ACE is matched. This field is active only if 800/6-TCP or 

800/17-UDP are selected in the Select from List drop-down 

menu. The possible field range is 0 - 65535.

Defines  the  TCP/UDP  destination 

port. This field is active only if 800/6-TCP or 800/17-UDP 

are selected in the Select from List drop-down menu. The 

possible field range is 0 - 65535.

Matches the source port IP address to 

which packets are addressed to the ACE.

Defines  the  source  IP  address  wildcard 

mask.  Wildcard  masks  specify  which  bits  are  used  and 

which bits are ignored. A wild card mask of 255.255.255.255 

indicates  that  no  bit  is  important.  A  wildcard  of  0.0.0.0 

indicates that all the bits are important. For example, if the 

source IP address 149.36.184.198 and the wildcard mask 

is 255.36.184.00, the first eight bits of the IP address are 

ignored, while the last eight bits are used.

Matches the destination port IP address 

to which packets are addressed to the ACE.

Defines  the  destination  IP  address 

wildcard mask.

Matches the packet DSCP value to the ACE. 

Either the DSCP value or the IP Precedence value is used to 

match packets to ACLs. The possible field range is 0-63.

Matches the packet IP Precedence 

value to the ACE. Either the DSCP value or the IP Precedence 

value is used to match packets to ACLs. The possible field 

range is 0-7.
The Add to List button adds the configured IP Based ACLs 

to the IP Based ACL Table at the bottom of the screen.

ACL > MAC based ACL