Access Control
IPv4-based ACLs
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)

Adding Rules (ACEs) to an IPv4-Based ACL

NOTE Each IPv4-based rule consumes one TCAM rule. TCAM allocation is
performed in pairs: for the first ACE, 2 TCAM rules are allocated, and
the second TCAM rule is allocated to the next ACE, and so forth.

To add rules (ACEs) to an IPv4-based ACL:

STEP 1 Click Access Control > IPv4-Based ACE.
STEP 2 Select an ACL, and click Go. All currently-defined IP ACEs for the selected ACL are
displayed.
STEP 3 Click Add.
STEP 4 Enter the parameters.
• ACL Name—Displays the name of the ACL.
• Priority—Enter the priority. ACEs with higher priority are processed first.
• Action—Select the action assigned to the packet matching the ACE. The
  options are as follows:
  - Permit—Forward packets that meet the ACE criteria.
  - Deny—Drop packets that meet the ACE criteria.
  - Shutdown—Drop packets that meet the ACE criteria and disable the port
    to which the packet was addressed. Ports are reactivated from the Port
    Management page.
• Time Range—Select to enable limiting the use of the ACL to a specific time
  range.
• Time Range Name—If Time Range is selected, select the time range to be
  used. Time ranges are defined in the Time Range section.
• Protocol—Select to create an ACE based on a specific protocol or protocol
  ID. Select Any (IPv4) to accept all IP protocols. Otherwise select one of the
  following protocols from the drop-down list:
  - ICMP—Internet Control Message Protocol
  - IGMP—Internet Group Management Protocol
  - IP in IP—IP in IP encapsulation
  - TCP—Transmission Control Protocol
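
The following is an added example, not taken from the Cisco guide: a small Python model of how the Priority, Action and Protocol fields interact, together with the paired TCAM allocation from the note. It assumes that a lower priority number is processed first, that the first matching ACE decides the packet, and that a packet matching no ACE is dropped; the class names and the port labels GE1/GE2 are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# IANA protocol numbers for the protocols named in the drop-down list above.
PROTOCOLS = {"ICMP": 1, "IGMP": 2, "IP in IP": 4, "TCP": 6}

@dataclass
class Ace:
    priority: int                   # assumption: lower number = processed first
    action: str                     # "permit", "deny" or "shutdown"
    protocol: Optional[str] = None  # None models "Any (IPv4)"

@dataclass
class Packet:
    ip_proto: int                   # protocol number from the IPv4 header
    port: str                       # switch port the Shutdown action would disable

class Acl:
    def __init__(self, aces):
        # Sort once so evaluation order follows the Priority field.
        self.aces = sorted(aces, key=lambda a: a.priority)
        self.disabled_ports = set()

    def tcam_allocated(self):
        # Entries are allocated in pairs: 1 ACE -> 2, 2 ACEs -> 2, 3 ACEs -> 4.
        return 2 * ((len(self.aces) + 1) // 2)

    def evaluate(self, pkt):
        if pkt.port in self.disabled_ports:
            return "drop (port disabled)"
        for ace in self.aces:
            if ace.protocol is not None and PROTOCOLS[ace.protocol] != pkt.ip_proto:
                continue  # protocol does not match, try the next ACE
            if ace.action == "permit":
                return "forward"
            if ace.action == "shutdown":
                # Port stays disabled until reactivated from Port Management.
                self.disabled_ports.add(pkt.port)
            return "drop"
        return "drop"  # assumption: no ACE matched, so the packet is dropped

def demo():
    # Constructed sample ACL and traffic, deliberately entered out of order.
    acl = Acl([Ace(30, "deny"), Ace(10, "permit", "TCP"), Ace(20, "shutdown", "IGMP")])
    traffic = [Packet(6, "GE1"), Packet(1, "GE1"), Packet(2, "GE2"), Packet(6, "GE2")]
    return acl.tcam_allocated(), [acl.evaluate(p) for p in traffic]

if __name__ == "__main__":
    print(demo())
```

The last packet shows the operational cost of Shutdown: TCP that the ACL would otherwise permit is lost on GE2 once a single IGMP packet has disabled the port.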