User Manual
Table Of Contents
- M6100 Web Management User Guide
- Contents
- 1. Getting Started
- 2. Configuring System Information
- 3. Configuring Switching Information
- 4. Routing
- 5. Configuring Quality of Service
- 6. Managing Device Security
- 7. Monitoring the System
- 8. Maintenance
- 9. Help
- A. Default Settings
- B. Configuration Examples
- C. Notification of Compliance
Managing Device Security
482
M6100 Web Management User Guide
To configure rules for an IP ACL:
1. T
o add an IP ACL rule, select the ACL ID to add the rule to, complete the fields
described in the following list, and click Add. (Only displays ACL IDs from 1 to 99.)
• Rule ID - Enter a whole number in the range of 1 to 1023 that will be used to identify
the rule.
An IP ACL may have up to 1023 rules.
• Action - Specify what action should be taken if a packet matches the rule's criteria.
The choices are permit or deny
.
• Logging - When set to Enable, logging is enabled for this
ACL rule (subject to
resource availability in the device). If the Access List Trap Flag is also enabled, this
will cause periodic traps to be generated indicating the number of times this rule was
hit during the current report interval. A fixed 5-minute report interval is used for the
entire system. A trap is not issued if the ACL rule hit count is zero for the current
interval. This field is visible for a Deny Action.
• Assign Queue ID - Specifies the hardware egress queue identifier used to handle all
packets matching this IP
ACL rule. Valid range of Queue Ids is (0 to 6). This field is
visible when 'Permit' is chosen as 'Action'.
• Match Every - Select true or false from the menu.
True signifies that all packets will
match the selected IP ACL and Rule and will be either permitted or denied. In this
case, since all packets match the rule, the option of configuring other match criteria
will not be offered. To configure specific match criteria for the rule, remove the rule
and re-create it, or re-configure 'Match Every' to 'False' for the other match criteria to
be visible.
• Mirror Interface - Specifies the specific egress interface where the matching traf
fic
stream is copied in addition to being forwarded normally by the device. This field
cannot be set if a Redirect Interface is already configured for the ACL rule. This field
is visible for a Permit Action.
• Redirect Interface - Specifies the specific egress interface where the matching traf
fic
stream is forced, bypassing any forwarding decision normally performed by the
device. This field cannot be set if a Mirror Interface is already configured for the ACL
rule. This field is enabled for a 'Permit' Action.
• Source IP
Address - Enter an IP address using dotted-decimal notation to be
compared to a packet's source IP Address as a match criteria for the selected IP ACL
rule.
• Source IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the
Source IP
Address value.