Description Of Ip-Based Acls - Hirschmann MACH 4000 User Manual

Industrial ethernet (gigabit) switch

Protection from unauthorized access

6.6.2 Description of IP-based ACLs.

The Switch differentiates between standard and extended IP-based ACLs.
ACLs with an ID number (ACL ID)
- 1 to 99 are standard IP-based ACLs and
- 100 to 199 are extended IP-based ACLs.

Standard IP-based ACLs provide the following criteria for filtering:
- IP source address with network mask
- All data packets (match every)

Extended IP-based ACLs provide the following criteria for filtering:
- All data packets (every)
- Protocol number or protocol (IP, ICMP, IGMP, TCP, UDP)
- IP source address with network mask or all IP source addresses (any)
- Layer 4 protocol port numbers of the source (UDP port, TCP port)
- IP destination address with network mask or all IP destination addresses (any)
- Layer 4 protocol port numbers of the destination (UDP port, TCP port)
- ToS field with mask
- DSCP field
- IP precedence field

Note: If you are using IP ACLs at ports which are located in the HIPER-Ring
or which participate in the Ring/network coupling, add the following rule
to the ACLs:
  PERMIT
  Protocol: UDP
  Source IP: ANY
  Destination IP: 0.0.0.0/32
  Source port: 0
  Destination port: 0
CLI command: access-list 1xx permit udp any eq 0 0.0.0.0 0.0.0.0 eq 0
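
The following audit sketch is an added example, not part of the Hirschmann manual: it classifies ACLs by the ID ranges above and reports ACLs on ring ports that lack the rule from the note. It assumes the configuration is available as text lines of the form "access-list <ID> <rule>" and that the operator supplies the set of ACL IDs bound to HIPER-Ring or coupling ports; the function names and the sample configuration are hypothetical.

```python
import re

# ID ranges from section 6.6.2: 1 to 99 standard, 100 to 199 extended.
STANDARD_IDS = range(1, 100)
EXTENDED_IDS = range(100, 200)
# Rule body from the note (the CLI command without "access-list 1xx").
RING_RULE = "permit udp any eq 0 0.0.0.0 0.0.0.0 eq 0"
LINE_RE = re.compile(r"^access-list\s+(\d+)\s+(\S.*)$")

def acl_kind(acl_id):
    """Classify an ACL ID as 'standard' or 'extended' by its number."""
    if acl_id in STANDARD_IDS:
        return "standard"
    if acl_id in EXTENDED_IDS:
        return "extended"
    raise ValueError(f"ACL ID {acl_id} is outside 1-199")

def parse_acls(config_text):
    """Map ACL ID -> list of rule bodies, whitespace-normalised, in order."""
    acls = {}
    for raw in config_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            acl_id = int(match.group(1))
            acl_kind(acl_id)  # IDs outside 1-199 are not IP-based ACLs
            acls.setdefault(acl_id, []).append(" ".join(match.group(2).split()))
    return acls

def audit_ring_acls(config_text, ring_acl_ids):
    """Return {acl_id: finding} for ACLs on ring ports that lack the ring rule."""
    acls = parse_acls(config_text)
    findings = {}
    for acl_id in sorted(ring_acl_ids):
        if acl_id not in acls:
            findings[acl_id] = "not defined in this configuration"
        elif acl_kind(acl_id) == "standard":
            # Standard ACLs filter on source address only (see criteria above).
            findings[acl_id] = "standard ACL: cannot express the UDP/port ring rule"
        elif RING_RULE not in acls[acl_id]:
            findings[acl_id] = "extended ACL: ring rule missing"
    return findings

# Constructed sample. Only the ring rule line is taken from the manual; the
# other rule bodies are placeholders and not verified switch syntax.
SAMPLE_CONFIG = """
access-list 10 permit every
access-list 101 permit udp any eq 0 0.0.0.0   0.0.0.0 eq 0
access-list 101 deny every
access-list 102 deny every
"""
```

Calling audit_ring_acls(SAMPLE_CONFIG, {10, 101, 102}) reports ACL 10 and ACL 102 and passes ACL 101, which carries the ring rule.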
Basic - L3P
Release 4.0 11/07
6.6 Access Control Lists (ACL).
19

This manual is also suitable for:

Power mice