Cisco 300 Series Administration Manual page 518

Access Control
IPv4-based ACLs

Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)

Adding Rules (ACEs) to an IPv4-Based ACL

NOTE Each IPv4-based rule consumes one TCAM rule. TCAM allocation is performed in pairs: for the first ACE, 2 TCAM rules are allocated, the second TCAM rule is allocated to the next ACE, and so forth.

To add rules (ACEs) to an IPv4-based ACL:

STEP 1 Click Access Control > IPv4-Based ACE.
STEP 2 Select an ACL, and click Go. All currently-defined IP ACEs for the selected ACL are displayed.
STEP 3 Click Add.
STEP 4 Enter the parameters.

ACL Name—Displays the name of the ACL.

Priority—Enter the priority. ACEs with higher priority are processed first.

Action—Select the action assigned to the packet matching the ACE. The options are as follows:
  - Permit—Forward packets that meet the ACE criteria.
  - Deny—Drop packets that meet the ACE criteria.
  - Shutdown—Drop packets that meet the ACE criteria and disable the port to which the packet was addressed. Ports are reactivated from the Port Management page.

Time Range—Select to enable limiting the use of the ACL to a specific time range.

Time Range Name—If Time Range is selected, select the time range to be used. Time ranges are defined in the Time Range section.

Protocol—Select to create an ACE based on a specific protocol or protocol ID. Select Any (IPv4) to accept all IP protocols. Otherwise select one of the following protocols from the drop-down list:
  - ICMP—Internet Control Message Protocol
  - IGMP—Internet Group Management Protocol
  - IP in IP—IP in IP encapsulation
  - TCP—Transmission Control Protocol
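The processing rules above (priority order, the three actions, paired TCAM allocation) modelled as an added example; it is not Cisco code and not part of the guide. Assumptions: a lower priority number is processed first, an ACE matches on protocol only, and the ACL entries and port names are constructed.

```python
import math
from dataclasses import dataclass

ANY = "any"  # models the "Any (IPv4)" protocol choice


@dataclass(frozen=True)
class Ace:
    priority: int        # assumption: lower number = higher priority
    action: str          # "permit", "deny" or "shutdown"
    protocol: str = ANY  # "icmp", "igmp", "ipinip", "tcp" or ANY


def tcam_rules_allocated(ace_count):
    """TCAM rules reserved for ace_count ACEs when allocation is in pairs."""
    return 2 * math.ceil(ace_count / 2)


def ordered(acl):
    """ACEs in processing order (assumed: ascending priority number)."""
    return sorted(acl, key=lambda ace: ace.priority)


def evaluate(acl, protocol, port, disabled_ports):
    """Return the action of the first matching ACE, or None if none matches."""
    for ace in ordered(acl):
        if ace.protocol in (ANY, protocol):
            if ace.action == "shutdown":
                disabled_ports.add(port)  # stays down until reactivated
            return ace.action
    return None  # no-match behaviour is not described on this page


def shadowed(acl):
    """ACEs that can never match because an earlier ACE already covers them."""
    seen, dead = set(), []
    for ace in ordered(acl):
        if ANY in seen or ace.protocol in seen:
            dead.append(ace)
        seen.add(ace.protocol)
    return dead


# Constructed sample ACL, entered out of order as an operator might in the GUI.
SAMPLE_ACL = [
    Ace(20, "permit", "tcp"),
    Ace(10, "shutdown", "ipinip"),
    Ace(30, "deny", ANY),
    Ace(40, "permit", "icmp"),  # unreachable: the priority-30 ACE matches first
]
```

Running `shadowed()` over an ACL before entering it flags rules that consume TCAM space but can never take effect, such as the priority-40 ICMP permit in the sample.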