Item Description
Protocol
Defines the protocol in the rule to which the packet is matched. The possible
fields are:
• Select from List: Selects a protocol from a list by which packets are
matched to the rule.
• Protocol ID: Selects a protocol ID from a list by which packets are
matched to the rule.
Source Port
Defines the source port that is used for matched packets. Enabled only when
TCP or UDP is selected in the Protocol list. The field value is either
user-defined or Any. If Any is selected, the IP-based ACL is applied to any
source port.
Destination Port
Defines the destination port that is used for matched packets. Enabled only
when TCP or UDP is selected in the Protocol list. The field value is either
user-defined or Any. If Any is selected, the IP-based ACL is applied to any
destination port.
TCP Flags
If checked, enables configuration of TCP flags matched to the packet. The
possible fields are:
• Urg: Urgent pointer field significant. The urgent pointer points to the
sequence number of the octet following the urgent data.
• Ack: Acknowledgement field significant. The acknowledgement field is
the byte number of the next byte that the sender expects to receive from
the receiver.
• Psh: Push (send) the data as soon as possible, without buffering. This is
used for interactive traffic.
• Rst: Reset the connection. This invalidates the sequence numbers and
aborts the session between the sender and receiver.
• Syn: Synchronize Initial Sequence Numbers (ISNs). This is used to
initialize a new connection.
• Fin: Finish. This indicates there is no more data from the sender. This
marks a normal closing of the session between the sender and receiver.
Source IP Address
If selected, enables matching the source IP address of packets to the rule,
according to a wildcard mask. The field value is either user-defined or Any.
If Any is selected, the rule accepts any source IP address and wildcard mask
filtering is disabled.
Dest IP Address
If selected, enables matching the destination IP address to which packets
are addressed to the rule, according to a wildcard mask. The field value is
either user-defined or Any. If Any is selected, the rule accepts any
destination IP address and wildcard mask filtering is disabled.
Match DSCP
If selected, matches the packet DSCP value to the ACL.
Match IP Precedence
If selected, matches the packet IP Precedence value to the ACL.
Action
Defines the ACL forwarding action. In addition, a trap can be sent to the
network administrator, or the packet can be assigned rate-limiting
restrictions for forwarding. The options are as follows:
• Permit: Forwards packets which meet the ACL criteria.
• Deny: Drops packets which meet the ACL criteria.
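How the fields above combine into a match decision, as an added example (not code from this manual or from the device firmware). Assumptions: a wildcard mask bit of 0 means "must match" and 1 means "ignore", listed TCP flags must all be set in the packet, and rules are checked in list order with the first match deciding. All names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # models the "Any" choice of a field

def ip_matches(addr: str, base: Optional[str], wildcard: str) -> bool:
    """Assumed wildcard semantics: mask bit 0 = must match, bit 1 = ignored."""
    if base is ANY:          # "Any" disables wildcard mask filtering
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF   # bits that are compared
    return (a & care) == (b & care)

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    protocol: Optional[str] = ANY
    src_ip: Optional[str] = ANY
    src_wildcard: str = "0.0.0.0"
    dst_ip: Optional[str] = ANY
    dst_wildcard: str = "0.0.0.0"
    src_port: Optional[int] = ANY     # only meaningful for TCP or UDP
    dst_port: Optional[int] = ANY
    tcp_flags: frozenset = frozenset()  # flags that must be set (assumed model)

    def matches(self, pkt: dict) -> bool:
        if self.protocol is not ANY and pkt["protocol"] != self.protocol:
            return False
        if self.src_port is not ANY and pkt.get("src_port") != self.src_port:
            return False
        if self.dst_port is not ANY and pkt.get("dst_port") != self.dst_port:
            return False
        if not self.tcp_flags <= frozenset(pkt.get("flags", ())):
            return False
        return (ip_matches(pkt["src_ip"], self.src_ip, self.src_wildcard)
                and ip_matches(pkt["dst_ip"], self.dst_ip, self.dst_wildcard))

def evaluate(rules, pkt: dict) -> Optional[str]:
    """First matching rule decides (assumed order); None if nothing matches."""
    return next((r.action for r in rules if r.matches(pkt)), None)

# Constructed sample ACL: only the management subnet may reach SSH on one host.
SAMPLE_ACL = [
    Rule("deny", protocol="tcp", tcp_flags=frozenset({"Syn", "Fin"})),
    Rule("permit", protocol="tcp", src_ip="10.0.10.0", src_wildcard="0.0.0.255",
         dst_ip="192.168.1.10", dst_port=22),
    Rule("deny", protocol="tcp", dst_ip="192.168.1.10", dst_port=22),
]
```

evaluate() returns None when no rule matches, because this page does not say what the switch does with unmatched packets.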
To create a new IP-based ACL:
1) Select Create ACL.
2) Enter the name of the new ACL.
3) Click Create.
To define a new IP-based ACL rule: