74
C
4: M
HAPTER
ANAGING
D
S
EVICE
ECURITY
The IP Based ACL Remove Page contains the following fields:
ACL Name — Contains a list of the IP-based ACLs.
■
Remove ACL — Removes an ACL. The possible field values are:
■
Checked — Removes the selected IP-based ACL.
■
Unchecked — Maintains the IP-based ACL.
■
Priority — Indicates the ACL priority, which determines which ACL is
■
matched to a packet on a first-match basis. The possible field values
are 1-2147483647.
Protocol — Indicates the protocol in the ACE to which the packet is
■
matched.
Destination Port — Defines the TCP/UDP destination port.
■
Source Port — Defines the TCP/UDP source port to which the ACL is
■
matched.
Flag Set — Sets the indicated TCP flag matched to the packet.
■
ICMP Type — Specifies an ICMP message type for filtering ICMP
■
packets.
ICMP Code — Specifies an ICMP message code for filtering ICMP
■
packets. ICMP packets that are filtered by ICMP message type can also
be filtered by the ICMP message code.
IGMP Type — IGMP packets can be filtered by IGMP message type.
■
Source Address — Indicates the source IP address.
■
Source Mask — Indicates the source IP address mask.
■
Destination Address — Indicates the destination IP address.
■
Destination Mask — Indicates the destination IP address mask.
■
DSCP — Matches the packet DSCP value to the ACL. Either the DSCP
■
value or the IP Precedence value is used to match packets to ACLs.
IP - Prec. — Indicates matching ip-precedence with the packet IP
■
precedence value.
Action — Indicates the ACL forwarding action. In addition, the port
■
can be shut down, a trap can be sent to the network administrator, or
packet is assigned rate limiting restrictions for forwarding. The options
are as follows:
Permit — Forwards packets which meet the ACL criteria.
■
Deny — Drops packets which meet the ACL criteria.
■