3Com 3CBLSG24 User Guide - Page 66

66 CHAPTER 4: MANAGING DEVICE SECURITY ■ ICMP Code - Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. ■ IGMP Type - IGMP packets can be filtered by IGMP message type. ■ Source Address - Matches the source IP address to which packets are addressed to the ACL. ■ Source Mask - Indicates the source IP address mask. ■ Destination Address - Matches the destination IP address to which packets are addressed to the ACL. ■ Destination Mask - Indicates the destination IP address mask. ■ DSCP - Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. ■ IP - Prec. - Indicates matching ip-precedence with the packet IP precedence value. ■ Action - Indicates the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: ■ Permit - Forwards packets which meet the ACL criteria. ■ Deny - Drops packets which meet the ACL criteria. ■ Shutdown - Drops packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Administration Setup Page. Defining IP Based ACLs Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port, with an active ACL, are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications. The total number of ACEs that can be defined in all ACLs together is 256. Monitor users have no access to this page.