Configuring an extended ACL

To configure an extended numbered ACL, perform the following steps.

  1. Click Configure on the left pane and select IP.
  2. Click Extended ACL.

    The Extended ACL window is displayed as shown in the figure below.

    Figure 104  Configuring an extended ACL
  3. Type the extended ACL number from 100 through 199 in the ACL Number field. If you want to specify the extended ACL name, click Name ACLs. The field label is changed to ACL Name.
  4. Click Permit or Deny for Action so that the packets that match the policy can be forwarded or dropped.
  5. Type the source IP address in the Source IP Address field.
  6. Type the source mask in the Source Filter Mask field.
  7. Type the source host name in the Source Host Name field.
  8. Type the destination IP address in the Destination IP Address field.
  9. Type the destination mask in the Destination Filter Mask field.
  10. Type the destination host name in the Destination Host Name field.
  11. Select one of the following options in the IP Precedence list:
      • routine -- The ACL matches packets that have the routine precedence.
      • priority -- The ACL matches packets that have the priority precedence.
      • immediate -- The ACL matches packets that have the immediate precedence.
      • flash -- The ACL matches packets that have the flash precedence.
      • flash-override -- The ACL matches packets that have the flash override precedence.
      • critical -- The ACL matches packets that have the critical precedence.
      • internet -- The ACL matches packets that have the internetwork control precedence.
      • network -- The ACL matches packets that have the network control precedence.
  12. Select one of the following options in the TOS list:
      • normal -- The ACL matches packets that have the normal ToS.
      • min-monetary-cost -- The ACL matches packets that have the minimum monetary cost ToS.
      • max-reliability -- The ACL matches packets that have the maximum reliability ToS.
      • max-throughput -- The ACL matches packets that have the maximum throughput ToS.
      • min-delay -- The ACL matches packets that have the minimum delay ToS.
  13. Select the Log check box to enable generation of SNMP traps and syslog messages for packets denied by the ACL.
  14. Click By Name for IP Protocol to select the IP protocol by name or click By Number to specify the number (from 0 through 255).
  15. Select the TCP Established check box so that the policy applies to TCP packets that have the ACK (Acknowledgment) or RST (Reset) bit set (set to "1") in the Control Bits field of the TCP packet header. The policy then applies only to established TCP sessions, not to new sessions.
    NOTE
    This field applies only to the destination TCP ports, not the source TCP ports.
  16. Enter the following information for Source:
    1. To configure a single port, click Single Port.

      Select one of the following for Operator:

        • Equal -- The policy applies to the TCP or UDP port name or number you enter.
        • NotEqual -- The policy applies to all the TCP or UDP port numbers except the port number or port name you enter.
        • LessThan -- The policy applies to the TCP or UDP port numbers that are less than the port number or the numeric equivalent to the port name you enter.
        • GreaterThan -- The policy applies to the TCP or UDP port numbers greater than the port number or the numeric equivalent to the port name you enter.

      Click Source Port System Defined.

    2. To configure a range of ports, click Port Range.

      Type the lower port number in the Low Port field and the highest port number in the High Port field.

      Click Source Range System Defined.

  17. To configure the destination port settings under Destination, follow the procedure explained in step 16.
  18. Click Add .

    The message "The change has been made" is displayed. To display the configured extended numbered ACL, click Show.

    To delete the configured extended numbered ACL, click Delete. To reset the data entered in the configuration pane, click Reset.

    NOTE
    The Web GUI does not support ACL sequence numbers.
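
The following Python sketch is an added example, not part of the original guide or of the device software. It models how the Operator choices in step 16 and the TCP Established check box in step 15 decide whether a TCP packet matches an entry; the class and function names, the first-match evaluation, the inclusive port range and the final implicit deny are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# TCP control bits as they appear in the TCP header flags field.
SYN, RST, ACK = 0x02, 0x04, 0x10

# Operator names as listed for Single Port in step 16.
OPERATORS = {
    "Equal": lambda port, n: port == n,
    "NotEqual": lambda port, n: port != n,
    "LessThan": lambda port, n: port < n,
    "GreaterThan": lambda port, n: port > n,
}

@dataclass
class PortMatch:
    """Single Port (operator + port) or Port Range (low, high)."""
    operator: Optional[str] = None
    port: Optional[int] = None
    port_range: Optional[Tuple[int, int]] = None

    def matches(self, port: int) -> bool:
        if self.port_range is not None:
            low, high = self.port_range
            return low <= port <= high  # assumption: range is inclusive
        if self.operator is None:
            return True  # no port condition configured
        return OPERATORS[self.operator](port, self.port)

@dataclass
class TcpEntry:
    action: str  # "Permit" or "Deny"
    destination: PortMatch
    established: bool = False

    def matches(self, dst_port: int, flags: int) -> bool:
        # TCP Established: the packet must have ACK or RST set.
        if self.established and not flags & (ACK | RST):
            return False
        return self.destination.matches(dst_port)

def evaluate(entries, dst_port: int, flags: int) -> str:
    """Assumption: first matching entry wins, unmatched packets are denied."""
    for entry in entries:
        if entry.matches(dst_port, flags):
            return entry.action
    return "Deny"

# Constructed sample: permit return traffic to ports above 1023 only.
SAMPLE_ACL = [TcpEntry("Permit", PortMatch("GreaterThan", 1023), established=True)]
```

Because TCP Established looks only at the ACK and RST bits of each packet, the match is made per packet and does not track session state.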