76CHAPTER 4: MANAGING DEVICE SECURITY

wildcard mask matches all IP addresses in the range 149.36.184.0 to 149.36.184.255. A wildcard mask must not contain leading zeroes. For example, a wildcard mask of 010.010.011.010 is invalid, but a wildcard mask of 10.10.11.10 is valid.

Match DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

Match IP Precedence — Matches the packet IP Precedence value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

Action — Defines the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

Permit — Forwards packets which meet the ACL criteria.

Deny — Drops packets which meet the ACL criteria.

Shutdown — Drops packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Administration Setup Page.

To create a new IP-based ACL:

1Select Create ACL.

2Enter the name of the new ACL.

3Click . The new ACL is created, and the device is updated.

To define a new IP-based ACL rule:

1Select Selection ACL.

2Select the ACL from the list.

3Define the fields for the new ACL rule.

4 Click. The new IP-based ACL rule settings are configured, and the device is updated.

Page 76
Image 76
3Com 2924-PWR manual Select Create ACL