Source Port

Destination Port

Source IP Address

Wildcard Mask

User’s Manual of WGSD-1022/WGSD-8000

Fin, indicates request to close a session.

Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.

The possible field range is 0 - 65535

Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.

The possible field range is 0 - 65535

Matches the source port IP address to which packets are addressed to the ACE

Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored.

A wild card mask of 255.255.255.255 indicates that no bit is important.

A wildcard of 0.0.0.0 indicates that all the bits are important.

For example, if the source IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.

Destination IP Address

Wildcard Mask

Match DSCP

Match IP Precedence

Matches the destination port IP address to which packets are addressed to the ACE

Defines the destination IP address wildcard mask

Matches the packet DSCP value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

The possible field range is 0-63

Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

The possible field range is 0-7

Use the Add to List button when you add the configured IP Based ACLs to the IP Based ACL Table at the bottom of the

screen.

4.6.2 IP Based ACL Configure Sample

This section shows how to build a IP Based ACL and apply to specify interface.

Sample Case: Deny IP packets to specific Class C network

¾Purpose:

Verify a positive and negative matches to network IP address with a Class C (24 bit mask) , no matter the rule defined as

permit or deny.

- 66 –