Technical information
ADC Telecommunications, Inc.
CHAPTER 14: IP PACKET FILTERING
Access Lists
Access lists are sequential groupings of permit and deny rules. These rules
enable you to permit or deny packets from crossing specified interfaces. An
access list is comprised of rules containing both match criteria and actions to
take upon finding a match.
Match criteria can include:
Source IP address and mask
Destination IP address and mask
Source TCP/UDP port range
Destination TCP/UDP port range
TCP Sync Flag
TCP Establish State
IP Type of Service (TOS) and mask
Actions that can be taken against matching packets include:
Permit
Deny
Change IP TOS
Access lists are pooled and indexed on a chassis-wide basis. An access list is
only used by an interface when you enable IP filtering on that interface and
apply the predefined access list to it. Each access list is identified by a
list number that you define when creating the list.
Access lists are comprised of rules that are sequenced according to assigned
rule numbers. Packets are then matched against the lowest numbered rules
first.
Each rule defines a permit or deny action which determines whether the
packet is accepted or rejected when matched. Access lists include an
implicit deny rule at the end. This means that an IP filter-enabled
interface rejects (drops) any packet for which no match is found.
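As an added example (not the manual's own code or the product's CLI syntax), the following Python model shows the semantics described above: rules are tried in rule-number order, the first match decides, an optional TOS rewrite is applied on match, and a packet that matches no rule is dropped by the implicit deny. The rule set, addresses and field names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of access-list evaluation; not the ADC product's own code.

@dataclass
class Packet:
    src: str
    dst: str
    dport: int = 0
    established: bool = False  # TCP "established" state (not a new connection)
    tos: int = 0

@dataclass
class Rule:
    number: int                     # sequence number; lowest is tested first
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # source address and mask
    dst: str = "0.0.0.0/0"          # destination address and mask
    dports: Tuple[int, int] = (0, 65535)  # destination port range, inclusive
    established: Optional[bool] = None    # None = don't care
    set_tos: Optional[int] = None         # "change IP TOS" action on match

    def matches(self, p: Packet) -> bool:
        return (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and self.dports[0] <= p.dport <= self.dports[1]
            and (self.established is None or p.established == self.established)
        )

def evaluate(access_list: List[Rule], p: Packet) -> str:
    """First match wins, in rule-number order; unmatched packets are denied."""
    for rule in sorted(access_list, key=lambda r: r.number):
        if rule.matches(p):
            if rule.set_tos is not None:   # optional TOS rewrite on match
                p.tos = rule.set_tos
            return rule.action
    return "deny"  # implicit deny at the end of every access list

# Constructed access list: allow return traffic into 192.0.2.0/24, block one
# source network, and allow new HTTPS connections to a single host.
ACL = [
    Rule(10, "permit", dst="192.0.2.0/24", established=True),
    Rule(15, "deny", src="198.51.100.0/24"),
    Rule(20, "permit", dst="192.0.2.10/32", dports=(443, 443), set_tos=0x10),
]
```

Note that a packet from 198.51.100.0/24 in the established state is permitted by rule 10 before rule 15 is ever consulted, which is why rule numbering matters.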