Foundry Networks Switch and Router Installation And Configuration Manual page 405

If you enter a host name instead of an IP address, when you click Add to add the ACL, the Web
management interface sends a DNS query for the address. For the query to be successful, the device
must have network access to a DNS server and the server must have an Address record for the host. In
addition, the device must be configured with a DNS domain name and the IP address of the DNS server.
8. Enter the destination IP information. The options and requirements are the same as those for entering the
source IP information.
9. Select the IP precedence from the IP Precedence pulldown menu (optional). The precedence option of an
IP packet is set in a three-bit field following the four-bit header-length field of the packet's header. You can
select one of the following:
routine – The ACL matches packets that have the routine precedence.
priority – The ACL matches packets that have the priority precedence.
immediate – The ACL matches packets that have the immediate precedence.
flash – The ACL matches packets that have the flash precedence.
flash-override – The ACL matches packets that have the flash override precedence.
critical – The ACL matches packets that have the critical precedence.
internet – The ACL matches packets that have the internetwork control precedence.
network – The ACL matches packets that have the network control precedence.
none – The ACL does not use the IP precedence as part of the comparison when filtering.
10. Select the Type of Service (TOS) from the TOS menu (optional). You can select one or more of the following:
normal – The ACL matches packets that have the normal TOS.
min-monetary-cost – The ACL matches packets that have the minimum monetary cost TOS.
max-reliability – The ACL matches packets that have the maximum reliability TOS.
max-throughput – The ACL matches packets that have the maximum throughput TOS.
min-delay – The ACL matches packets that have the minimum delay TOS.
NOTE: To select more than one TOS option, hold the CTRL key while selecting each option.
11. If you specified the Deny action, optionally enable logging by selecting the Log checkbox. If you enable
logging for this ACL entry, the software generates Syslog entries for traffic that the ACL denies.
12. Specify the IP protocol. You can specify the protocol by name or by number.
To specify the IP protocol by name, select the By Name radio button, then select the protocol from the
pulldown menu. You can select one of the following: icmp, igmp, igrp, ip, ospf, tcp, udp.
To specify the IP protocol by number, select the By Number radio button, then enter the decimal number
of the protocol.
13. If you specified "tcp" or "udp" for the IP protocol, use the following steps to configure the source and
destination TCP or UDP options. Otherwise, go to Step 18.
14. Select the Established checkbox if you selected the TCP protocol and you want the ACL to apply to
established TCP sessions after you apply the ACL to an interface. Specifically, if you select this option, the
ACL applies to TCP packets that have the ACK (Acknowledgment) or RST (Reset) bits set on (set to "1") in
the Control Bits field of the TCP packet header. If you do not select this option, the ACL applies only to
sessions that begin after you apply the ACL to an interface.
15. Select the comparison operator for the source TCP or UDP port. You can select one of the following:
Equal – The ACL applies to the TCP or UDP port you specify in the next step.
NotEqual – The ACL applies to all TCP or UDP ports except the port you specify in the next step.
December 2000
Using Access Control Lists (ACLs)
13 - 17
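
The header fields that Steps 9, 10 and 14 match on, decoded from a raw IPv4 packet. This is an added example, not part of the manual and not Foundry code; the function names `classify` and `build` are hypothetical, the TOS bit values are taken from RFC 1349 (the page names the options but not their bits), and the sample packets are constructed.

```python
import struct

# Names as they appear in the IP Precedence and TOS menus described above.
PRECEDENCE = ["routine", "priority", "immediate", "flash",
              "flash-override", "critical", "internet", "network"]
# Assumption: RFC 1349 TOS bits (the four bits after precedence); 0 is "normal".
TOS_BITS = {0x8: "min-delay", 0x4: "max-throughput",
            0x2: "max-reliability", 0x1: "min-monetary-cost"}
TCP_ACK, TCP_RST = 0x10, 0x04


def classify(packet: bytes) -> dict:
    """Return the ACL-relevant fields of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # four-bit header length, in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    tos_byte = packet[1]                  # byte right after version/IHL
    tos = (tos_byte >> 1) & 0x0F
    out = {
        "precedence": PRECEDENCE[tos_byte >> 5],   # top three bits
        "tos": [n for b, n in TOS_BITS.items() if tos & b] or ["normal"],
        "protocol": packet[9],
        "established": False,
    }
    if out["protocol"] == 6:              # TCP: inspect the Control Bits field
        if len(packet) < ihl + 14:
            raise ValueError("truncated TCP header")
        flags = packet[ihl + 13]
        out["established"] = bool(flags & (TCP_ACK | TCP_RST))
    return out


def build(tos_byte: int, tcp_flags: int) -> bytes:
    """Constructed sample: minimal IPv4+TCP headers (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos_byte, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, tcp_flags, 8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    print(classify(build(0xA8, 0x02)))   # SYN only: not "established"
    print(classify(build(0x10, 0x10)))   # ACK set: "established"
```

A packet carrying only SYN is the one case the Established option does not match, which is why the option separates connection attempts from traffic belonging to existing sessions.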
