•Source Port
•Destination Port
•Source IP Address
•Wildcard Mask
User’s Manual of
•Fin, indicates request to close a session.
Defines the TCP/UDP source port to which the ACE is matched. This field is active only if
The possible field range is 0 - 65535
Defines the TCP/UDP destination port. This field is active only if
The possible field range is 0 - 65535
Matches the source port IP address to which packets are addressed to the ACE
Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored.
A wild card mask of 255.255.255.255 indicates that no bit is important.
A wildcard of 0.0.0.0 indicates that all the bits are important.
For example, if the source IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.
•Destination IP Address
•Wildcard Mask
•Match DSCP
•Match IP Precedence
Matches the destination port IP address to which packets are addressed to the ACE
Defines the destination IP address wildcard mask
Matches the packet DSCP value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
The possible field range is
Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
The possible field range is
Use the Add to List button when you add the configured IP Based ACLs to the IP Based ACL Table at the bottom of the
screen.
4.6.2 IP Based ACL Configure SampleThis section shows how to build a IP Based ACL and apply to specify interface.
■Sample Case: Deny IP packets to specific Class C network
¾Purpose:
Verify a positive and negative matches to network IP address with a Class C (24 bit mask) , no matter the rule defined as
permit or deny.
- 66 –