Configuring Device Security
Defining Access Control
ESW 500 Series Switches Administration Guide 167
5
• Source Port — Defines the TCP/UDP source port to which the ACE is matched.
This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select
from List drop-down list. The possible field range is 0 - 65535.
• Destination Port — Defines the TCP/UDP destination port. This field is active
only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-
down list. The possible field range is 0 - 65535.
• TCP Flags — Filters packets by TCP EtherChannel. Filtered packets are either
forwarded or dropped. Filtering packets by TCP EtherChannels increases
packet control, which increases network security.
• ICMP — Indicates if ICMP packets are permitted on the network. The possible
field values are as follows:
• ICMP Code — Indicates and ICMP message code for filtering ICMP packets.
ICMP packets that are filtered by ICMP message type can also be filtered by
the ICMP message code.
• IGMP — Filters packets by IGMP message or message types.
• Source IP Address — Matches the source port IP address to which packets are
addressed to the ACE.
• Dest. IP Address — Matches the destination port IP address to which packets
are addressed to the ACE.
• Traffic Class — Indicates the traffic class to which the packet is matched.
• Select either Match DSCP or Match IP:
• Match DSCP — Matches the packet to the DSCP tag value.
• Match IP Precedence — Matches the packet IP Precedence value to the
ACE. Either the DSCP value or the IP Precedence value is used to match
packets to ACLs. The possible field range is 0-7.
• Action — Indicates the action assigned to the packet matching the ACL.
Packets are forwarded or dropped. In addition, the port can be shutdown, a
trap can be sent to the network administrator, or packet is assigned rate
limiting restrictions for forwarding. The options are as follows:
-
Permit
— Forwards packets which meet the ACL criteria.
-
Deny
— Drops packets which meet the ACL criteria.
-
Shutdown
— Drops packet that meets the ACL criteria, and disables the
port to which the packet was addressed. Ports are reactivated from the
Port Management
page.
To Next Page
Loading...
Need help?
General