Cisco 500 Series Administration Manual page 592

Access Control
IPv4-based ACLs
Cisco 500 Series Stackable Managed Switch Administration Guide
- Single from number—Enter a single TCP/UDP source port to which
packets are matched. This field is active only if 800/6-TCP or 800/17-UDP
is selected in the Select from List drop-down menu.
- Range—Select a range of TCP/UDP source ports to which the packet is
matched. There are eight different port ranges that can be configured
(shared between source and destination ports). TCP and UDP protocols
each have eight port ranges.
• Destination Port—Select one of the available values that are the same as
the Source Port field described above.
You must specify the IP protocol for the ACE before you can enter the
NOTE
source and/or destination port.
• TCP Flags—Select one or more TCP flags with which to filter packets.
Filtered packets are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network security.
• Type of Service—The service type of the IP packet.
Any
- —Any service type
DSCP to Match
-
IP Precedence to match
-
service) that the network uses to help provide the appropriate QoS
commitments. This model uses the 3 most significant bits of the service
type byte in the IP header, as described in RFC 791 and RFC 1349.
• ICMP—If the IP protocol of the ACL is ICMP, select the ICMP message type
used for filtering purposes. Either select the message type by name or enter
the message type number:
- Any—All message types are accepted.
- Select from list—Select message type by name.
- ICMP Type to Match—Number of message type to be used for filtering
purposes.
• ICMP Code—The ICMP messages can have a code field that indicates how
to handle the message. Select one of the following options to configure
whether to filter on this code:
- Any—Accept all codes.
- User Defined—Enter an ICMP code for filtering purposes.
—Differentiated Serves Code Point (DSCP) to match
—IP precedence is a model of TOS (type of
27
590