
76CHAPTER 4: MANAGING DEVICE SECURITY
wildcard mask matches all IP addresses in the range 149.36.184.0 to 149.36.184.255. A wildcard mask must not contain leading zeroes. For example, a wildcard mask of 010.010.011.010 is invalid, but a wildcard mask of 10.10.11.10 is valid.
■Match DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
■Match IP Precedence — Matches the packet IP Precedence value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
■Action — Defines the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:
■Permit — Forwards packets which meet the ACL criteria.
■Deny — Drops packets which meet the ACL criteria.
■Shutdown — Drops packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Administration Setup Page.
To create a new
1Select Create ACL.
2Enter the name of the new ACL.
3Click . The new ACL is created, and the device is updated.
To define a new
1Select Selection ACL.
2Select the ACL from the list.
3Define the fields for the new ACL rule.
4 Click. The new