Selection Criteria
IP ACL ID - Use the pulldown menu to select the IP ACL for which to create or update a rule.
Rule - Select an existing rule from the pulldown menu, or select 'Create New Rule' to add a new
rule. New rules cannot be created if the maximum number of rules has been reached. For each
rule, a packet must match all the specified criteria for the rule to apply and for the specified rule
action (Permit/Deny) to take place.
Configurable Data
Rule ID - Enter a whole number in the range of 1 to 8 that will be used to identify the rule. An IP ACL
may have up to 8 rules.
Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are
permit or deny.
Logging - When set to 'True', logging is enabled for this ACL rule (subject to resource availability in
the device). If the Access List Trap Flag is also enabled, periodic traps are generated indicating
the number of times this rule was 'hit' during the current report interval. A fixed 5-minute
report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the
current interval. This field is visible for a 'Deny' Action.
Assign Queue ID - Specifies the hardware egress queue identifier used to handle all packets
matching this IP ACL rule. The valid range of Queue IDs is 0 to 6. This field is visible when 'Permit' is
chosen as 'Action'.
Mirror Interface - Specifies the egress interface to which the matching traffic stream is copied
in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is
already configured for the ACL rule. This field is visible for a 'Permit' Action.
Redirect Interface - Specifies the egress interface to which the matching traffic stream is
forced, bypassing any forwarding decision normally performed by the device. This field is visible when
'Permit' is chosen as 'Action'.
Match Every - Select true or false from the pulldown menu. True signifies that all packets will match
the selected IP ACL and Rule and will be either permitted or denied. In this case, since all packets
match the rule, the option of configuring other match criteria will not be offered. To configure specific
match criteria for the rule, remove the rule and re-create it, or re-configure 'Match Every' to 'False' for
the other match criteria to be visible.
Protocol Keyword - Specify that a packet's IP protocol is a match condition for the selected IP ACL
rule. The possible values are ICMP, IGMP, IP, TCP, and UDP. Either the 'Protocol Keyword' field or
the 'Protocol Number' field can be used to specify an IP protocol value as a match criterion.
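
The field constraints listed above can be checked mechanically when reviewing a planned or documented rule set. The following is an added example, not code from the device or its vendor; the dictionary keys, the interface labels, and the reading of "either ... or" as exclusive are assumptions.

```python
# Added example: lints IP ACL rules against the constraints stated on this page.
# Field names and interface labels are hypothetical, not a device export format.
PROTOCOL_KEYWORDS = {"ICMP", "IGMP", "IP", "TCP", "UDP"}
MATCH_FIELDS = ("protocol_keyword", "protocol_number")  # criteria covered on this page

def validate_rule(rule):
    """Return a list of constraint violations for one IP ACL rule dict."""
    problems = []
    action = str(rule.get("action", "")).lower()
    if type(rule.get("rule_id")) is not int or not 1 <= rule["rule_id"] <= 8:
        problems.append("rule_id must be a whole number from 1 to 8")
    if action not in ("permit", "deny"):
        problems.append("action must be permit or deny")
    if rule.get("logging") and action != "deny":  # Logging is shown only for Deny
        problems.append("logging applies only to a deny rule")
    for field in ("queue_id", "mirror_interface", "redirect_interface"):
        if rule.get(field) is not None and action != "permit":  # shown only for Permit
            problems.append(f"{field} applies only to a permit rule")
    queue = rule.get("queue_id")
    if queue is not None and (type(queue) is not int or not 0 <= queue <= 6):
        problems.append("queue_id must be in the range 0 to 6")
    if rule.get("mirror_interface") is not None and rule.get("redirect_interface") is not None:
        problems.append("mirror_interface cannot be combined with redirect_interface")
    criteria = [f for f in MATCH_FIELDS if rule.get(f) is not None]
    if rule.get("match_every") and criteria:
        problems.append("match_every excludes other match criteria")
    keyword = rule.get("protocol_keyword")
    if keyword is not None and str(keyword).upper() not in PROTOCOL_KEYWORDS:
        problems.append("unknown protocol_keyword")
    if len(criteria) == 2:  # assumption: keyword and number are alternatives
        problems.append("use protocol_keyword or protocol_number, not both")
    return problems

SAMPLE_RULES = [  # constructed sample input
    {"rule_id": 1, "action": "deny", "logging": True, "protocol_keyword": "TCP"},
    {"rule_id": 2, "action": "Permit", "queue_id": 7,
     "mirror_interface": "1/0/5", "redirect_interface": "1/0/6"},
    {"rule_id": 9, "action": "deny", "redirect_interface": "1/0/6",
     "match_every": True, "protocol_keyword": "UDP"},
]

def audit(rules):
    """Map each rule_id to its list of violations."""
    return {rule.get("rule_id"): validate_rule(rule) for rule in rules}

if __name__ == "__main__":
    for rule_id, problems in audit(SAMPLE_RULES).items():
        print(rule_id, problems or "ok")
```

A 'Permit' rule with a Redirect Interface is worth a second look in any review, since matching traffic bypasses the device's normal forwarding decision.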