Configuring Device Security
Defining Access Control
Cisco Small Business SFE/SGE Managed Switches Administration Guide
• Destination Port — Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu. The possible field range is 0-65535.
• TCP Flags — Filters packets by TCP flag. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. The possible field values are:
• ICMP — Indicates if ICMP packets are permitted on the network. The possible field values are as follows:
• ICMP Code — Indicates an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
• IGMP — Filters packets by IGMP message or message types.
•
Source
  - IP Address — Matches the source port IP address from which packets are addressed to the ACE.
  - Wildcard Mask — Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important. For example, if the source IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.
• Destination
  - IP Address — Matches the destination port IP address to which packets are addressed to the ACE.
  - Wildcard Mask — Defines the destination IP address wildcard mask.
• Traffic Class — Indicates the traffic class to which the packet is matched. Select either Match DSCP or Match IP Precedence.
• Match DSCP — Matches the packet to the DSCP tag value.
• Match IP Precedence — Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.
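The wildcard-mask rule described for the Source and Destination fields (a 1 bit is ignored, a 0 bit must match), worked through on the guide's own address and mask. This is an added example, not code from the Cisco guide or the switch firmware; the function names are hypothetical and the packet addresses are constructed for illustration.

```python
# Added example: models the wildcard rule as the guide states it
# (1 bit = ignored, 0 bit = compared). Not the switch's own implementation.

def to_int(dotted):
    """Parse dotted-quad text into a 32-bit integer ('00' is accepted, as the guide writes it)."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad value: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def ace_matches(packet_ip, ace_ip, wildcard):
    """True when packet_ip equals ace_ip on every bit the wildcard does not ignore."""
    care = ~to_int(wildcard) & 0xFFFFFFFF  # invert: 1 now marks a compared bit
    return (to_int(packet_ip) & care) == (to_int(ace_ip) & care)

def bit_layout(wildcard):
    """Per-octet map of the mask: 'x' = ignored bit, 'c' = compared bit."""
    bits = format(to_int(wildcard), "032b")
    marks = "".join("x" if b == "1" else "c" for b in bits)
    return ".".join(marks[i:i + 8] for i in range(0, 32, 8))

def addresses_matched(wildcard):
    """How many distinct addresses one ACE with this wildcard admits."""
    return 2 ** bin(to_int(wildcard)).count("1")

if __name__ == "__main__":
    ACE_IP, ACE_WILDCARD = "149.36.184.198", "255.36.184.00"  # values from the guide
    print("bit layout:", bit_layout(ACE_WILDCARD))
    print("addresses matched:", addresses_matched(ACE_WILDCARD))
    # Constructed packet source addresses
    for pkt in ("10.36.184.198", "149.0.0.198", "149.1.184.198", "149.36.184.199"):
        print(pkt, "->", "match" if ace_matches(pkt, ACE_IP, ACE_WILDCARD) else "no match")
```

The bit layout shows that the two middle octets of this mask are only partly compared, so the ACE admits more addresses than the first-octet and last-octet description alone suggests; checking `addresses_matched` before applying an ACE is a quick way to see how broad it is.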