Table of Contents
Advertisement
Chapter 32
ACL Editor
Description
Log Matches Against This Entry
Add an Extended Rule Entry
Note
Action
OL-4015-12
Mask
If you selected A Network or if you selected A Host Name or IP address, either
select the wildcard mask from this list, or enter a custom wildcard mask. A binary
0 in a wildcard mask means that the corresponding bit in a packet's IP address
must match exactly. A binary 1 in a wildcard mask means that the corresponding
bit in the packet's IP address need not match.
Hostname/IP
If you selected A Host Name or IP address in the Type field, enter the name oro
the IP address of the host. If you enter a hostname, the router must be configured
to use a DNS server.
You can enter a short description of the entry in this field. The description must
be fewer than 100 characters long.
If you have specified syslog in System Properties, you can check this box;
matches will be recorded in the system log.
An extended rule entry allows you to permit or deny traffic based on its source
and destination and on the protocol and service specified in the packet.
Any traffic that does not match the criteria in one of the rule entries you create is
implicitly denied. To ensure that traffic you do not intend to deny is permitted, you
must append explicit permit entries to the rule that you are configuring.
Select the action you want the router to take when a packet matches the criteria in
the rule entry. The choices are Permit and Deny. If you are creating an entry for
an IPSec rule, the choices are protect the traffic and don't protect the traffic.
Cisco Router and Security Device Manager 2.5 User's Guide
Rules Windows
32-13
Advertisement
Table of Contents
Troubleshooting
