Access Control
IPv6-Based ACLs
STEP 5
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
-
Range—Select a range of TCP/UDP source ports to which the packet is
matched.
•
Destination Port—Select one of the available values. (They are the same as
for the Source Port field described above).
You must specify the IPv6 protocol for the ACL before you can
NOTE
configure the source and/or destination port.
•
TCP Flags—Select one or more TCP flags with which to filter packets.
Filtered packets are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network security.
-
Set—Match if the flag is SET.
-
Unset—Match if the flag is Not SET.
-
Dont care—Ignore the TCP flag.
•
Type of Service—The service type of the IP packet.
•
ICMP—If the ACL is based on ICMP, select the ICMP message type that is
used for filtering purposes. Either select the message type by name or enter
the message type number. If all message types are accepted, select Any.
-
Any—All message types are accepted.
-
Select from list—Select message type by name from the drop-down list.
-
ICMP Type to Match—Number of message type that is to be used for
filtering purposes.
•
ICMP Code—The ICMP messages may have a code field that indicates how
to handle the message. Select one of the following options, to configure
whether to filter on this code:
-
Any—Accept all codes.
-
User Defined—Enter an ICMP code for filtering purposes.
Click Apply.
24
486