Protection from unauthorized access
Basic - L3P, Release 4.0, 11/07
6.6 Access Control Lists (ACL)
6.6.2 Description of IP-based ACLs
The Switch differentiates between standard and extended IP-based ACLs.
ACLs with an ID number (ACL ID)
- 1 to 99 are standard IP-based ACLs and
- 100 to 199 are extended IP-based ACLs.
Standard IP-based ACLs provide the following criteria for filtering:
- IP source address with network mask
- All data packets (match every)
Extended IP-based ACLs provide the following criteria for filtering:
- All data packets (every)
- Protocol number or protocol (IP, ICMP, IGMP, TCP, UDP)
- IP source address with network mask or all IP source addresses (any)
- Layer 4 protocol port numbers of the source (UDP port, TCP port)
- IP destination address with network mask or all IP destination addresses (any)
- Layer 4 protocol port numbers of the destination (UDP port, TCP port)
- ToS field with mask
- DSCP field
- IP precedence field
Note: If you are using IP ACLs at ports which are located in the HIPER-Ring or which participate in the Ring/network coupling, add the following rule to the ACLs:
- PERMIT
- Protocol: UDP
- Source IP: ANY
- Destination IP: 0.0.0.0/32
- Source port: 0
- Destination port: 0
- CLI command: access-list 1xx permit udp any eq 0 0.0.0.0 0.0.0.0 eq 0
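
The following script is an added example, not part of the manual or of the switch software. It checks a saved list of access-list commands against the note above: every ACL used at a ring or coupling port must be an extended ACL (ID 100 to 199) and must contain the rule from the CLI command. The function names, the set of ring-port ACL IDs and the sample configuration are assumptions; rule bodies other than the ring rule are treated as opaque text.

```python
import re

# Rule body from the note's CLI command; "1xx" there stands for the ACL ID.
RING_RULE = "permit udp any eq 0 0.0.0.0 0.0.0.0 eq 0"
ACL_LINE = re.compile(r"^\s*access-list\s+(\d+)\s+(.+?)\s*$")

def acl_type(acl_id):
    """Classify an ACL ID by the ranges in section 6.6.2."""
    if 1 <= acl_id <= 99:
        return "standard"
    if 100 <= acl_id <= 199:
        return "extended"
    return "invalid"

def parse_acls(config_text):
    """Group rule bodies by ACL ID, keeping configuration order."""
    acls = {}
    for line in config_text.splitlines():
        m = ACL_LINE.match(line)
        if m:
            body = " ".join(m.group(2).split())  # normalise whitespace
            acls.setdefault(int(m.group(1)), []).append(body)
    return acls

def audit_ring_acls(config_text, ring_acl_ids):
    """Return {acl_id: finding} for the ACLs bound to ring/coupling ports."""
    acls = parse_acls(config_text)
    findings = {}
    for acl_id in sorted(ring_acl_ids):
        kind = acl_type(acl_id)
        if kind != "extended":
            # The rule matches on protocol and ports: extended criteria only.
            findings[acl_id] = f"{kind} ACL cannot hold the ring rule"
        elif acl_id not in acls:
            findings[acl_id] = "not defined"
        elif RING_RULE not in acls[acl_id]:
            findings[acl_id] = "ring rule missing"
        else:
            findings[acl_id] = "ok"
    return findings

# Constructed sample; the "deny ip any any" bodies are placeholders only.
SAMPLE_CONFIG = """\
access-list 101 permit udp any eq 0 0.0.0.0 0.0.0.0 eq 0
access-list 101 deny ip any any
access-list 120 deny ip any any
"""

if __name__ == "__main__":
    print(audit_ring_acls(SAMPLE_CONFIG, {10, 101, 120, 150}))
```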