beautypg.com

Allied Telesis AT-S94 User Manual

Page 87

background image

Configuring Device Security

Defining Access Control

Page 87

Destination Port — Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-

UDP are selected in the Select from List drop-down menu. The possible field range is 0 - 65535.

Source

IPv6 Address — Matches the source port IPv6 address from which packets are addressed to the ACE.

Mask — Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and

which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard
of 0.0.0.0 indicates that all the bits are important.

Destination

IPv6 Address — Matches the destination port IPv6 address to which packets are addressed to the ACE.

Mask — Defines the destination IP address wildcard mask. Wildcard masks specify which bits are used

and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A
wildcard of 0.0.0.0 indicates that all the bits are important.

Flag Set — Sets the indicated TCP flag that can be triggered. The possible values are:

Urg, Ack, Psh, Rst, Syn, and Fin.

The indicated value setting is represented by one of the following:

1 — Flag is set.

0 — Flag is disabled.

x — Don’t care.

ICMP Type — Filters packets by ICMP message type. The field values are 0-255.

ICMP Code — Indicates and ICMP message code for filtering ICMP packets. ICMP packets that are filtered

by ICMP message type can also be filtered by the ICMP message code.

IGMP Type — Filters packets by IGMP message or message types.

DSCP — Matches the packets DSCP value.

IP Prec. — Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP

Precedence value is used to match packets to ACLs. The possible field range is 0-7.

Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped.

In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned
rate limiting restrictions for forwarding. The options are as follows:

Permit — Forwards packets which meet the ACL criteria.

Deny — Drops packets which meet the ACL criteria.

Shutdown — Drops packet that meets the ACL criteria, and disables the port to which the packet was

addressed. Ports are reactivated from the Port Management Page.

Delete — To remove an ACE, click the ACE’s checkbox and click the Delete button.

See also other documents in the category Allied Telesis Computer hardware: