Cisco SRW2008P User Guide - Page 37

Protocol ID To Match



Chapter 5: Advanced Configuration
8-Port 10/100/1000 Gigabit Switch with Webview

  • Deny: Drops packets which meet the ACL criteria.
  • Shutdown: Drops a packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management screen.

Protocol: Creates an ACE (Access Control Event) based on a specific protocol.

Select from List: Selects from a list of protocols on which the ACE can be based. The possible field values are:

  • Any: Matches the protocol to any protocol.
  • EIGRP: Indicates that the Enhanced Interior Gateway Routing Protocol (EIGRP) is used to classify network flows.
  • ICMP: Indicates that the Internet Control Message Protocol (ICMP) is used to classify network flows.
  • IGMP: Indicates that the Internet Group Management Protocol (IGMP) is used to classify network flows.
  • TCP: Indicates that the Transmission Control Protocol is used to classify network flows.
  • OSPF: Matches the packet to the Open Shortest Path First (OSPF) protocol.
  • UDP: Indicates that the User Datagram Protocol is used to classify network flows.

Protocol ID To Match: Adds user-defined protocols to which packets are matched to the ACE. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.

TCP Flags: Filters packets by TCP flag. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. The values that can be assigned are:

  • Set: Enables filtering packets by selected flags.
  • Unset: Disables filtering packets by selected flags.
  • Don't care: Indicates that selected packets do not influence the packet filtering process.

The TCP Flags that can be selected are:

  • Urg: Indicates the packet is urgent.
  • Ack: Indicates the packet is acknowledged.
  • Psh: Indicates the packet is pushed.
  • Rst: Indicates the connection is dropped.
  • Syn: Indicates request to start a session.
  • Fin: Indicates request to close a session.

Source Port: Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-down menu. The possible field range is 0-65535.

Destination Port: Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-down menu. The possible field range is 0-65535.

Source IP Address: Matches the source port IP address to which packets are addressed to the ACE.

Wildcard Mask: Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all the bits are important. For example, if the source IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.

Dest. IP Address: Matches the destination port IP address to which packets are addressed to the ACE.

Wildcard Mask: Defines the destination IP address wildcard mask.

Match DSCP: Matches the packet DSCP value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-63.

Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.

The Add to List button adds the configured IP Based ACLs to the IP Based ACL Table at the bottom of the screen.

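
The wildcard-mask and TCP Flags matching described above, as an added Python example that is not part of the Cisco guide or the switch firmware. It shows that the guide's mask 255.36.184.00 ignores the whole first octet, compares the whole last octet, and ignores only some bits of the two middle octets. It assumes Set means the flag must be 1, Unset means it must be 0 and Don't care skips the flag; the function names, dictionary layout and sample packets are constructed for illustration.

```python
# Added example: models how one IP-based ACE decides whether a packet matches.
FLAG_BITS = {"Fin": 0x01, "Syn": 0x02, "Rst": 0x04,
             "Psh": 0x08, "Ack": 0x10, "Urg": 0x20}

def ip_to_int(dotted):
    """Parse dotted-quad text (tolerates '00', as in the guide's mask) to 32 bits."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 dotted quad: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def wildcard_match(packet_ip, rule_ip, wildcard):
    """Bits set to 1 in the wildcard are ignored; bits set to 0 must be equal."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(packet_ip) ^ ip_to_int(rule_ip)) & care == 0

def flags_match(packet_flags, wanted):
    """wanted maps flag name -> 'set' or 'unset'; omitted flags are don't care."""
    return all(bool(packet_flags & FLAG_BITS[name]) == (state == "set")
               for name, state in wanted.items())

def ace_matches(ace, pkt):
    """True when every configured field of the ACE matches the packet."""
    if ace.get("protocol") is not None and ace["protocol"] != pkt["protocol"]:
        return False
    if not wildcard_match(pkt["src"], ace["src"], ace["src_wildcard"]):
        return False
    if ace.get("dst_port") is not None and ace["dst_port"] != pkt.get("dst_port"):
        return False
    if pkt["protocol"] == 6:  # TCP flags only exist on TCP segments
        return flags_match(pkt.get("flags", 0), ace.get("flags", {}))
    return True

# Constructed sample ACE: TCP (protocol ID 6), the guide's example address and
# wildcard, destination port 22, Syn set and Ack unset (a new connection).
ACE = {"protocol": 6, "src": "149.36.184.198", "src_wildcard": "255.36.184.00",
       "dst_port": 22, "flags": {"Syn": "set", "Ack": "unset"}}

# Constructed sample packets.
SYN = {"protocol": 6, "src": "10.36.184.198", "dst_port": 22, "flags": 0x02}
SYN_ACK = dict(SYN, flags=0x12)          # reply segment: Ack is set
OTHER_HOST = dict(SYN, src="10.36.184.199")  # last octet differs

if __name__ == "__main__":
    for label, pkt in (("SYN", SYN), ("SYN+ACK", SYN_ACK), ("other host", OTHER_HOST)):
        print(label, ace_matches(ACE, pkt))
```

Before adding an ACE with a non-contiguous wildcard like this one, enumerate a few addresses through `wildcard_match` to confirm the rule covers only the hosts intended.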
ACL > MAC based ACL