Allied Telesis AT-S94 User Manual

Configuring Device Security

Defining Access Control

Page 83

•

Destination

–

IPv4 Address — Matches the destination port IPv4 address to which packets are addressed to the ACE.

–

Mask — Defines the destination IP address wildcard mask. Wildcard masks specify which bits are used

and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A
wildcard of 0.0.0.0 indicates that all the bits are important.

•

Flag Set — Sets the indicated TCP flag that can be triggered. The possible values are:

–

Urg, Ack, Psh, Rst, Syn, and Fin.

The indicated value setting is represented by one of the following:

–

1 — Flag is set.

–

0 — Flag is disabled.

–

x — Don’t care.

•

ICMP Type — Filters packets by ICMP message type. The field values are 0-255.

•

ICMP Code — Indicates and ICMP message code for filtering ICMP packets. ICMP packets that are filtered

by ICMP message type can also be filtered by the ICMP message code.

•

IGMP Type — Filters packets by IGMP message or message types.

•

DSCP — Matches the packets DSCP value.

•

IP Prec. — Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP

Precedence value is used to match packets to ACLs. The possible field range is 0-7.

•

Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped.

In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned
rate limiting restrictions for forwarding. The options are as follows:

–

Permit — Forwards packets which meet the ACL criteria.

–

Deny — Drops packets which meet the ACL criteria.

–

Shutdown — Drops packet that meets the ACL criteria, and disables the port to which the packet was

addressed. Ports are reactivated from the Port Management Page.

•

Delete — To remove an ACE, click the ACE’s checkbox and click the Delete button.