192 | Chapter 5: Managing Device Security
GS716Tv2 and GS724Tv3 Software Administration Manual
To configure rules for an IP ACL:
1. To add an IP ACL rule, select the ACL ID to add the rule to, complete the fields
described in the following list, and click Add.
• Rule ID. Specify a number from 1–10 to identify the IP ACL rule. You can create up to
10 rules for each ACL.
• Action. Selects the ACL forwarding action, which is one of the following:
• Permit. Forwards packets which meet the ACL criteria.
• Deny. Drops packets which meet the ACL criteria.
• Assign Queue ID. Specifies the hardware egress queue identifier used to handle all
packets matching this ACL rule. Enter an identifying number from 0–3 in the
appropriate field.
• Match Every. Requires a packet to match the criteria of this ACL. Select True or
False from the drop down menu. Match Every is exclusive to the other filtering rules,
so if Match Every is True, the other rules on the screen are not available.
• CPU Notification Mode. This field is configurable only when the action is denied.
• Enable. The switch to turn off PoE power to the port if the user is rejected by ACL.
When the rule is hit and the PoE component receives this notification, the PoE
component turns off PoE power for the port. To turn on the port power, you must
manually enable the PoE port Admin Mode.
• Disable: When a packet matches the ACL rule, the CPU is not notified, and the
port continues to provide power.
• Source IP Address. Requires a packet’s source IP address to match the address
listed here. Type an IP Address in the appropriate field using dotted-decimal notation.
The address you enter is compared to a packet's source IP Address.
• Source IP Mask. Specifies the source IP address wildcard mask. Wild card masks
determines which bits are used and which bits are ignored. A wild card mask of
255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that
all of the bits are important. Wildcard masking for ACLs operates differently from a