CLI Reference Guide
Using Access Control Lists for Security
Creating an IP ACE
1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACE
types appears.
2 Select New IP ACE. The Create IP ACE dialog box appears.
3 In the Action list, select Permit to allow access if the conditions in the
ACE are matched, or Deny to refuse access if the conditions are
matched.
4 If you select Permit, in the CoS box, specify a class-of-service (CoS) level
for packets, using the CoS values in the table below.
By default, the CoS level is -1, which indicates that class of service is not
specified.
5 To enable counting of packets filtered by an ACL, select Enable Hit
Count.
6 In the Source IP box, type the source IP address and source wildcard mask
in classless interdomain routing (CIDR) notation (for example,
10.10.10.10/16).
A wildcard mask is a 32-bit quantity used with the IP address to
determine which bits in the address to ignore when compared with
another IP address. Source and destination IP addresses and
corresponding wildcard masks determine whether to forward or filter
packets.
The ACL checks the bits in IP addresses that correspond to zeros in the
mask, but does not check the bits that correspond to ones. The zero bits
must start at the beginning of the wildcard mask and must be
contiguous.
For example, if you specify 10.2.3.4/24, the source wildcard mask is
0.0.0.255.
To specify any IP address, use 0.0.0.0/0.
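The wildcard-mask rule from step 6, as an added Python example that is not part of the original guide: it derives the wildcard mask from the CIDR prefix, checks the contiguity rule, and tests whether a packet's source address matches an ACE. The function names and the packet addresses are constructed for illustration; only 10.2.3.4/24, 10.10.10.10/16 and 0.0.0.0/0 come from the text above.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def wildcard_from_prefix(prefix_len):
    """Wildcard mask (32-bit int) for a CIDR prefix length: ones mark ignored bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (1 << (32 - prefix_len)) - 1

def is_valid_wildcard(mask):
    """True if the zero (checked) bits start at the top of the mask and are contiguous."""
    # A valid mask looks like 0...01...1, so mask + 1 shares no bits with mask.
    return 0 <= mask <= ALL_ONES and (mask & (mask + 1)) == 0

def parse_ace_source(text):
    """Split 'a.b.c.d/len' into (address int, wildcard int)."""
    addr, sep, prefix_len = text.partition("/")
    if not sep:
        raise ValueError("expected address/prefix, for example 10.2.3.4/24")
    return int(ipaddress.IPv4Address(addr)), wildcard_from_prefix(int(prefix_len))

def ace_matches(ace_source, packet_ip):
    """Compare only the bits that correspond to zeros in the wildcard mask."""
    addr, wildcard = parse_ace_source(ace_source)
    checked = ~wildcard & ALL_ONES
    packet = int(ipaddress.IPv4Address(packet_ip))
    return (addr & checked) == (packet & checked)

def dotted(value):
    """Render a 32-bit int in dotted-decimal form."""
    return str(ipaddress.IPv4Address(value))

if __name__ == "__main__":
    # Constructed packet source addresses, tested against the guide's examples.
    for ace, pkt in [("10.2.3.4/24", "10.2.3.200"),
                     ("10.2.3.4/24", "10.2.4.1"),
                     ("10.10.10.10/16", "10.10.200.1"),
                     ("0.0.0.0/0", "192.0.2.55")]:
        _, wc = parse_ace_source(ace)
        print(f"{ace:16} wildcard {dotted(wc):15} {pkt:12} match={ace_matches(ace, pkt)}")
```

Because the bits under the ones in the wildcard mask are ignored, an entry such as 10.10.10.10/16 matches every address in 10.10.0.0 through 10.10.255.255, not just the host that was typed.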
Packet Priority Desired   CoS Value   MAP CoS Queue Assigned
Background                1 or 2      Class 3
Best effort               0 or 3      Class 2
Video                     4 or 5      Class 1
Voice                     6 or 7      Class high