Managing Device Security
M6100 Web Management User Guide
3. Specify the Action to take if a packet matches the rule's criteria. The choices are Permit or
Deny.
4. Set Logging to Enable to log matches of this ACL rule (subject to resource availability on
the device). If the Access List Trap Flag is also enabled, the device generates periodic traps
reporting the number of times this rule was hit during the current report interval. A fixed
5-minute report interval is used for the entire system. No trap is issued if the rule hit count
is zero for the current interval. This field is visible only for a Deny Action.
5. In the Assign Queue ID, specify the hardware egress queue identifier used to handle all
packets matching this IP ACL rule. The valid range of Queue IDs is 0 to 6.
6. Use the Mirror Interface field to specify the egress interface to which the matching traffic
stream is copied, in addition to being forwarded normally by the device. This field cannot be
set if a Redirect Interface is already configured for the ACL rule. This field is visible only
for a Permit Action.
7. Use the Redirect Interface field to specify the egress interface to which the matching
traffic stream is forced, bypassing the forwarding decision the device would normally make.
This field cannot be set if a Mirror Interface is already configured for the ACL rule. This
field is visible only for a Permit Action.
8. Select True or False from the Match Every menu. True signifies that every packet matches
the selected IP ACL rule and is permitted or denied according to its Action. Because every
packet matches, no other match criteria are offered for the rule. To configure specific match
criteria, remove the rule and re-create it, or set Match Every to False so that the other match
criteria become visible.
9. Use the Protocol Type field to specify that a packet's IP protocol is a match condition for the
selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE,
IPINIP, OSPF, and PIM.
10. In the TCP Flag field, specify that a packet's TCP flags are a match condition for the
selected IP ACL rule. The TCP flags are URG, ACK, PSH, RST, SYN, and FIN. Each flag can be
set separately to one of the following values:
Ignore: A packet matches this ACL rule whether or not the flag is set in the packet.
Set (+): A packet matches this ACL rule only if the flag is set in the packet.
Clear (-): A packet matches this ACL rule only if the flag is not set in the packet.
11. When Established is selected, a match occurs if either the RST bit or the ACK bit is set in
the TCP header. The TCP Flag and Established fields are enabled only when TCP is the selected
Protocol Type.
12. In the Src field, enter a source IP address, in dotted-decimal notation, to be compared to
a packet's source IP address as a match criterion for the selected IP ACL rule.
a. Select the IP Address option and enter an IP address with the relevant wild card mask
to apply this criterion. If this field is left empty, it means any.
b. When you select the Host option, the wild card mask is configured as 0.0.0.0, so only
the single address entered matches. If this field is left empty, it means any.
The wild card mask determines which bits of the address are compared and which are
ignored: a 0 bit in the mask means the corresponding address bit must match, and a 1 bit
means that bit is ignored. A wild card mask of 0.0.0.0 therefore means that all of the
bits are important (a single host), while a wild card mask of 255.255.255.255 means that
none of the bits are important (any address).
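The following is an added example, not code from the M6100 firmware or this guide: a small evaluator that applies the match semantics described in steps 8 through 12 (Match Every, Protocol Type, the per-flag Ignore/Set/Clear choices, Established, and the wild card source mask) to constructed sample packets. The rule and packet dictionary layout, the treatment of Protocol Type IP as "any IP protocol", and the deny-by-default result in evaluate() are assumptions made for the illustration.

```python
# Added example (not the switch's own code): evaluates packets against IP ACL
# rules using the match semantics described in the steps above. The rule/packet
# dictionary layout and the evaluate() helper are assumptions for this example.
import ipaddress

# IANA protocol numbers for the Protocol Type choices offered by the web UI.
PROTO_NUMBERS = {"ICMP": 1, "IGMP": 2, "IPINIP": 4, "TCP": 6, "UDP": 17,
                 "GRE": 47, "EIGRP": 88, "OSPF": 89, "PIM": 103}

# Bit positions of the TCP flags in the TCP header flags byte.
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
                 "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def wildcard_match(addr, rule_addr, wildcard):
    """Wild card mask comparison as used by the Src field.

    A 0 bit in the mask means the packet's address bit must equal the rule's
    address bit; a 1 bit means that bit is ignored. Hence 0.0.0.0 matches
    exactly one host and 255.255.255.255 matches any address.
    """
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    care = w ^ 0xFFFFFFFF          # bits that must match
    return (a & care) == (r & care)


def tcp_flags_match(packet_flags, flag_spec):
    """flag_spec maps a flag name to 'ignore', 'set' or 'clear', mirroring the
    Ignore / Set (+) / Clear (-) choices. Flags not listed are treated as Ignore."""
    for name, want in flag_spec.items():
        is_set = bool(packet_flags & TCP_FLAG_BITS[name])
        if (want == "set" and not is_set) or (want == "clear" and is_set):
            return False
    return True


def established(packet_flags):
    """Established: the packet matches if either RST or ACK is set."""
    return bool(packet_flags & (TCP_FLAG_BITS["RST"] | TCP_FLAG_BITS["ACK"]))


def rule_matches(rule, packet):
    """Apply one rule's criteria to a packet. A rule is a dict with optional
    keys match_every, protocol, src=(address, wildcard), tcp_flags, established."""
    if rule.get("match_every"):
        return True                # Match Every = True: no other criteria apply
    proto = rule.get("protocol")
    # Assumption: Protocol Type "IP" matches any IP protocol.
    if proto and proto != "IP" and packet["protocol"] != PROTO_NUMBERS[proto]:
        return False
    if "src" in rule and not wildcard_match(packet["src"], *rule["src"]):
        return False
    if proto == "TCP":             # flag criteria are only enabled for TCP
        flags = packet.get("tcp_flags", 0)
        if "tcp_flags" in rule and not tcp_flags_match(flags, rule["tcp_flags"]):
            return False
        if rule.get("established") and not established(flags):
            return False
    return True


def evaluate(rules, packet):
    """First-match evaluation; returns the matching rule's Action.
    Assumption for this example: a packet matching no rule is denied."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule["action"]
    return "deny"


# Constructed sample ACL: permit packets belonging to existing TCP sessions from
# anywhere, permit new TCP connections only from 10.1.0.0/16, deny all else.
SAMPLE_ACL = [
    {"action": "permit", "protocol": "TCP", "src": ("0.0.0.0", "255.255.255.255"),
     "established": True},
    {"action": "permit", "protocol": "TCP", "src": ("10.1.0.0", "0.0.255.255"),
     "tcp_flags": {"SYN": "set", "ACK": "clear"}},
    {"action": "deny", "match_every": True},
]

# Constructed sample packets (protocol number, source address, TCP flags byte).
SAMPLE_PACKETS = {
    "syn_from_inside":  {"protocol": 6,  "src": "10.1.5.9",  "tcp_flags": 0x02},
    "syn_from_outside": {"protocol": 6,  "src": "192.0.2.7", "tcp_flags": 0x02},
    "ack_from_outside": {"protocol": 6,  "src": "192.0.2.7", "tcp_flags": 0x10},
    "udp_from_inside":  {"protocol": 17, "src": "10.1.5.9"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:18s} -> {evaluate(SAMPLE_ACL, pkt)}")
```

Two points the walk-through makes visible. First, the Host option's 0.0.0.0 mask is the most restrictive mask, not the least: rule 2 with mask 0.0.255.255 admits the whole 10.1.0.0/16 range, whereas a 0.0.0.0 mask would admit a single address. Second, Established inspects only the RST and ACK bits, so a crafted packet from outside with ACK set satisfies rule 1 even though no session exists; it is a stateless filter, not a connection-tracking firewall, and should not be relied on as one.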