User Manual
Table Of Contents
- M6100 Web Management User Guide
- Contents
- 1. Getting Started
- 2. Configuring System Information
- 3. Configuring Switching Information
- 4. Routing
- 5. Configuring Quality of Service
- 6. Managing Device Security
- 7. Monitoring the System
- 8. Maintenance
- 9. Help
- A. Default Settings
- B. Configuration Examples
- C. Notification of Compliance
Managing Device Security
489
M6100 Web Management User Guide
1. Use Rule ID to enter a whole number in the range of 1 to 1023 that will be used to
identify the rule. An IP ACL may have up to 1023 rules.
2. Use Action to specify what action should be taken if a packet matches the rule's criteria.
The choices are permit or deny
.
3. Use Logging to enable logging for this
ACL rule (subject to resource availability in the
device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be
generated indicating the number of times this rule was 'hit' during the current report interval.
A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL
rule hit count is zero for the current interval. This field is visible for a 'Deny' Action.
4. Use Assign Queue ID to specify the hardware egress queue identifier used to handle all
packets matching this IPv6
ACL rule. Valid range of Queue Ids is (0 to 7). This field is visible
for a 'Permit' Action.
5. Use Mirror Interface to specify the specific egress interface where the matching traf
fic
stream is copied in addition to being forwarded normally by the device. This field cannot be
set if a Redirect Interface is already configured for the ACL rule. This field is visible for a
'Permit' Action.
6. Use Redirect Interface to specify the specific egress interface where the matching traf
fic
stream is forced, bypassing any forwarding decision normally performed by the device. This
field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is
visible for a 'Permit' Action.
7. Use Match Every to select true or false from the menu.
True signifies that all packets will
match the selected IPv6 ACL and Rule and will be either permitted or denied. In this case,
since all packets match the rule, the option of configuring other match criteria will not be
offered. To configure specific match criteria for the rule, remove the rule and re-create it, or
re-configure 'Match Every' to 'False' for the other match criteria to be visible.
8. There are two ways to configure IPv6 protocol.
a. Specify an integer ranging from 1 to 255 after selecting the protocol keyword other
.
This number represents the IP protocol.
b. Select the name of the protocol from the existing list of Internet Protocols (IPv6),
T
ransmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet
Control Message Protocol (ICMPv6).
9. Use TCP Flag to specify that a packet's
TCP flag is a match condition for the selected IPv6
ACL rule. The TCP flag values are URG, ACK, PSH, RST, SYN, FIN. Each TCP flag has the
following possible values and can be set separately:
• Ignore — A packet matches this ACL rule whether the TCP flag in this packet is set or
not.
• Set(+) — A packet matches this ACL rule if the TCP flag in this packet is set.
• Clear(-) — A packet matches this ACL rule if the TCP flag in this packet is not set.