Chapter 4:
SFE2000/SFE2000P Gigabit Ethernet Switch Reference Guide
• Match IP Precedence — Matches the packet IP Precedence value to the ACE. Either the DSCP
value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.
• Action — Indicates the action assigned to packets matching the ACL. Packets are forwarded or
dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or
the packet can be assigned rate-limiting restrictions for forwarding. The options are as follows:
– Permit — Forwards packets which meet the ACL criteria.
– Deny — Drops packets which meet the ACL criteria.
– Shutdown — Drops packets that meet the ACL criteria, and disables the port to which the
packet was addressed. Ports are reactivated from the Port Management page.
3. Define the relevant fields.
4. Click Apply. The IP Based ACL is defined, and the device is updated.
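The following Python sketch is an added example, not code from this guide or from the switch firmware. It models ACEs that match on either IP Precedence or DSCP, evaluates them on the first-match basis the guide gives for rule priority, and reports rules that can never fire because an earlier rule covers them. The names ACE, evaluate, covers and shadowed are hypothetical, and two behaviours are assumptions the guide does not state: the lower priority number is checked first, and a packet matching no ACE is dropped.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ACE:
    priority: int                        # assumed: lower number is checked first
    action: str                          # "permit", "deny" or "shutdown"
    protocol: Optional[int] = None       # IP protocol number; None matches any
    ip_precedence: Optional[int] = None  # 0-7, top 3 bits of the ToS byte
    dscp: Optional[int] = None           # 0-63, top 6 bits of the ToS byte
    def __post_init__(self):
        if self.ip_precedence is not None and self.dscp is not None:
            raise ValueError("match on DSCP or IP Precedence, not both")
        if self.ip_precedence is not None and not 0 <= self.ip_precedence <= 7:
            raise ValueError("IP Precedence range is 0-7")
        if self.dscp is not None and not 0 <= self.dscp <= 63:
            raise ValueError("DSCP range is 0-63")

    def matches(self, protocol: int, tos: int) -> bool:
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.ip_precedence is not None and self.ip_precedence != tos >> 5:
            return False
        return self.dscp is None or self.dscp == tos >> 2

def evaluate(aces, protocol, tos, default="deny"):
    """First-match evaluation; returns (action, port_disabled)."""
    for ace in sorted(aces, key=lambda a: a.priority):
        if ace.matches(protocol, tos):
            return ace.action, ace.action == "shutdown"
    return default, False   # assumption: a packet matching no ACE is dropped

def covers(a: ACE, b: ACE) -> bool:
    """True if every packet matching b also matches a."""
    if a.protocol is not None and a.protocol != b.protocol:
        return False
    if a.ip_precedence is not None:      # precedence is the top 3 bits of DSCP
        return a.ip_precedence in (b.ip_precedence, None if b.dscp is None else b.dscp >> 3)
    return a.dscp is None or a.dscp == b.dscp

def shadowed(aces):
    """ACEs that can never fire because an earlier ACE covers them."""
    order = sorted(aces, key=lambda a: a.priority)
    return [b for i, b in enumerate(order) if any(covers(a, b) for a in order[:i])]

# Constructed sample ACL: protocol 6 is TCP, 17 is UDP.
SAMPLE = [ACE(10, "permit", protocol=6, ip_precedence=5),
          ACE(20, "shutdown", protocol=6, dscp=46),   # 46 >> 3 == 5: shadowed by rule 10
          ACE(30, "deny", protocol=17)]
```

In the sample, the Shutdown rule at priority 20 is never reached, because every TCP packet with DSCP 46 also has IP Precedence 5 and is permitted by rule 10 first.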
Defining Rules Associated with IP-ACL
1. Click Security Suite > Access Control > IP Based ACL. The IP Based ACL Page opens:
2. Click the ACL Rule button. The Rules Associated with IP-ACL Page opens:
Rules Associated with IP-ACL Page
The Rules Associated with IP-ACL Page contains the following fields:
• ACL Name — Displays the user-defined IP based ACLs.
• New Rule Priority — Indicates the rule priority, which determines which rule is matched to a
packet on a first-match basis.
• Protocol — Creates an ACE based on a specific protocol.
• TCP Flags — Filters packets by TCP flag. Filtered packets are either forwarded or dropped.
Filtering packets by TCP flags increases packet control, which increases network security. The
possible field values are: