GS716Tv2 and GS724Tv3 Software Administration Manual
To configure rules for an IP ACL:
1.To add an IP ACL rule, select the ACL ID to add the rule to, complete the fields described in the following list, and click Add.
•Rule ID. Specify a number from
•Action. Selects the ACL forwarding action, which is one of the following:
•Permit. Forwards packets which meet the ACL criteria.
•Deny. Drops packets which meet the ACL criteria.
•Assign Queue ID. Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Enter an identifying number from
•Match Every. Requires a packet to match the criteria of this ACL. Select True or False from the drop down menu. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen are not available.
•CPU Notification Mode. This field is configurable only when the action is denied.
•Enable. The switch to turn off PoE power to the port if the user is rejected by ACL. When the rule is hit and the PoE component receives this notification, the PoE component turns off PoE power for the port. To turn on the port power, you must manually enable the PoE port Admin Mode.
•Disable: When a packet matches the ACL rule, the CPU is not notified, and the port continues to provide power.
•Source IP Address. Requires a packet’s source IP address to match the address listed here. Type an IP Address in the appropriate field using
•Source IP Mask. Specifies the source IP address wildcard mask. Wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a
192 Chapter 5: Managing Device Security
