92CHAPTER 4: MANAGING DEVICE SECURITY

Source IP Address — If selected, enables matching the source port IP address to which packets are addressed to the rule, according to a wildcard mask. The field value is either user defined or Any. If Any is selected, accepts any source IP address and disables wildcard mask filtering.

Wild Card Mask — Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that all the bits are important. A wildcard mask of 0.0.0.0 indicates that no bits are important. For example, if the source IP address is 149.36.184.198 and the wildcard mask is 255.255.255.0, the first three bytes of the IP address are matched, while the last eight bits are ignored. For the source IP address 149.36.184.198, this wildcard mask matches all IP addresses in the range 149.36.184.0 to 149.36.184.255. A wildcard mask must not contain leading zeroes. For example, a wildcard mask of 010.010.011.010 is invalid, but a wildcard mask of 10.10.11.10 is valid.

Destination IP Address — If selected, enables matching the destination port IP address to which packets are addressed to the rule, according to a wildcard mask. The field value is either user defined or Any. If Any is selected, accepts any destination IP address and disables wildcard mask filtering.

Wild Card Mask — Indicates the destination IP Address wildcard mask. Wildcards are used to mask all or part of a destination IP Address. Wildcard masks specify which bits are used and which bits are ignored. For more details, refer to the description for wildcard masks under Source IP Address.

Match DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.

Match IP Precedence — Matches the packet IP Precedence value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-63.

Action — Defines the ACL forwarding action. The options are as follows:

Permit — Forwards packets which meet the ACL criteria.

Deny — Drops packets which meet the ACL criteria.

Page 92
Image 92
3Com 3CRDSF9PWR manual Managing Device Security