Table of Contents
Advertisement
26
STEP 5
IPv4-based ACL Creation
NOTE
577
Given a mask of 0000 0000 0000 0000 0000 0000 1111 1111 (which means that
NOTE
you match on the bits where there is 0 and don't match on the bits where there are 1's).
You need to translate the 1's to a decimal integer and you write 0 for each four zeros. In
this example since 1111 1111 = 255, the mask would be written: as 0.0.0.255.
•
Source MAC Address—Select Any if all source address are acceptable or User defined
to enter a source address or range of source addresses.
•
Source MAC Address Value—Enter the MAC address to which the source MAC
address is to be matched and its mask (if relevant).
•
Source MAC Wildcard Mask—Enter the mask to define a range of MAC addresses.
•
VLAN ID—Enter the VLAN ID section of the VLAN tag to match.
•
802.1p—Select Include to use 802.1p.
•
802.1p Value—Enter the 802.1p value to be added to the VPT tag.
•
802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.
•
Ethertype—Enter the frame Ethertype to be matched.
Click Apply. The MAC-based ACE is saved to the Running Configuration file.
IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs,
are not checked.
The following fields can be matched:
•
IP protocol (by name for well-known protocols, or directly by value)
•
Source/destination ports for TCP/UDP traffic
•
Flag values for TCP frames
•
ICMP and IGMP type and code
•
Source/destination IP addresses (including wildcards)
•
DSCP/IP-precedence value
ACLs are also used as the building elements of flow definitions for per-flow QoS handling.
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
Access Control
IPv4-based ACL Creation
Hide quick links:
Advertisement
Table of Contents
