Table of Contents
Advertisement
Access Control
Configuring IPv4-Based ACEs
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x
-
Range—Select a range of TCP/UDP source ports to which the packet is
matched. There are eight different port ranges that can be configured
(shared between source and destination ports). TCP and UDP protocols
each have eight port ranges.
•
Destination Port—Select one of the available values. (They are the same as
for the Source Port field.)
You must select an IP protocol for the ACE before you enter the source
NOTE
and destination ports.
•
TCP Flags—Select one or more TCP flags with which to filter packets.
Filtered packets are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network security.
Set
-
—Match if the flag is SET.
Unset
-
—Match if the flag is Not SET.
-
Don't care
—Ignore the TCP flag.
•
Type of Service—Select the service type of IP packets. The options are:
Any
-
—Any service type.
-
DSCP to match
IP Precedence to match
-
service) that the network uses to help provide the appropriate QoS
commitments. This model uses the 3 most significant bits of the service
type byte in the IP header, as described in RFC 791 and RFC 1349.
•
ICMP—If the IP protocol of the ACL is ICMP, select the ICMP message type
used for filtering purposes. The options are:
Any (IP)
-
—All message types are accepted.
Select from list
-
ICMP Type to match
-
filtering purposes.
•
ICMP Code—The ICMP messages can have a code field that indicates how
to handle the message. Select Any to accept all codes, or select User
Defined to enter an ICMP code for filtering purposes.
—Differentiated Serves Code Point (DSCP) to match.
—IP precedence is a model of TOS (type of
—Select message type by name.
—Enter the number of message type to be used for
17
242
Hide quick links:
Advertisement
Table of Contents
