Configuring an extended ACL
To configure an extended numbered ACL, perform the following steps.
- Click Configure on the left pane and select IP.
- Click Extended ACL.
  The Extended ACL window is displayed as shown in the figure below.
  Figure 104 Configuring an extended ACL
- Type the extended ACL number from 100 through 199 in the ACL Number field. If you want to specify the extended ACL name, click Name ACLs. The field label is changed to ACL Name.
- Click Permit or Deny for Action so that the packets that match the policy can be forwarded or dropped.
- Type the source IP address in the Source IP Address field.
- Type the source mask in the Source Filter Mask field.
- Type the source host name in the Source Host Name field.
- Type the destination IP address in the Destination IP Address field.
- Type the destination mask in the Destination Filter Mask field.
- Type the destination host name in the Destination Host Name field.
- Select one of the following options in the IP Precedence list:
  - routine -- The ACL matches packets that have the routine precedence.
  - priority -- The ACL matches packets that have the priority precedence.
  - immediate -- The ACL matches packets that have the immediate precedence.
  - flash -- The ACL matches packets that have the flash precedence.
  - flash-override -- The ACL matches packets that have the flash override precedence.
  - critical -- The ACL matches packets that have the critical precedence.
  - internet -- The ACL matches packets that have the internetwork control precedence.
  - network -- The ACL matches packets that have the network control precedence.
- Select one of the following options in the TOS list:
  - normal -- The ACL matches packets that have the normal ToS.
  - min-monetary-cost -- The ACL matches packets that have the minimum monetary cost ToS.
  - max-reliability -- The ACL matches packets that have the maximum reliability ToS.
  - max-throughput -- The ACL matches packets that have the maximum throughput ToS.
  - min-delay -- The ACL matches packets that have the minimum delay ToS.
- Select the Log check box to enable generation of SNMP traps and syslog messages for packets denied by the ACL.
- Click By Name for IP Protocol to select the IP protocol by name or click By Number to specify the number (from 0 through 255).
- Select the TCP Established check box so that the policy applies to the TCP packets that have the ACK (Acknowledgment) or RST (Reset) bits set on (set to "1") in the Control Bits field of the TCP packet header. The policy applies only to the established TCP sessions, not to the new sessions.
  NOTE: This field applies only to the destination TCP ports, not the source TCP ports.
- Enter the following information for Source:
  - To configure a single port, click Single Port.
    Select one of the following for Operator:
    - Equal -- The policy applies to the TCP or UDP port name or number you enter.
    - NotEqual -- The policy applies to all the TCP or UDP port numbers except the port number or port name you enter.
    - LessThan -- The policy applies to the TCP or UDP port numbers that are less than the port number or the numeric equivalent to the port name you enter.
    - GreaterThan -- The policy applies to the TCP or UDP port numbers greater than the port number or the numeric equivalent to the port name you enter.
    Click Source Port System Defined.
  - To configure a range of ports, click Port Range.
    Type the lower port number in the Low Port field and the highest port number in the High Port field.
    Click Source Range System Defined.
- To configure the destination port settings under Destination, follow the procedure explained in step 16 (Source).
- Click Add.
  The message "The change has been made" is displayed. To display the configured extended numbered ACL, click Show.
  To delete the configured extended numbered ACL, click Delete. To reset the data entered in the configuration pane, click Reset.
NOTE: Web GUI does not have ACL Sequence number support.
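
The matching behaviour that the fields above describe, as an added Python sketch (not code from the device or its vendor) that can be used to check an intended rule set before entering it. It assumes the filter mask is a wildcard mask whose 1 bits are ignored and that the first matching entry decides; the dictionary keys and the sample ACL 101 are constructed for illustration, and IP Precedence, TOS and Log are not modelled.

```python
import ipaddress
import operator

# Port operators as named in the GUI's Operator list.
OPERATORS = {"Equal": operator.eq, "NotEqual": operator.ne,
             "LessThan": operator.lt, "GreaterThan": operator.gt}
ACK, RST = 0x10, 0x04  # TCP control bits checked by "TCP Established"

def addr_matches(addr, base, filter_mask):
    """Assumption: the filter mask is a wildcard mask; its 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(filter_mask)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def port_matches(port, spec):
    """spec: None (any port), ("Range", low, high) or (operator name, port)."""
    if spec is None:
        return True
    if spec[0] == "Range":
        return spec[1] <= port <= spec[2]
    return OPERATORS[spec[0]](port, spec[1])

def entry_matches(e, p):
    if e["protocol"] != p["protocol"]:
        return False
    if not (addr_matches(p["src"], e["src"], e["src_mask"])
            and addr_matches(p["dst"], e["dst"], e["dst_mask"])):
        return False
    if not (port_matches(p["sport"], e.get("sport"))
            and port_matches(p["dport"], e.get("dport"))):
        return False
    # TCP Established: only segments with ACK or RST set match the entry.
    return not e.get("established") or bool(p["flags"] & (ACK | RST))

def evaluate(acl, pkt):
    """Action of the first matching entry, or None if no entry matches."""
    return next((e["action"] for e in acl if entry_matches(e, pkt)), None)

# Constructed sample ACL: segments of established sessions may reach high
# ports on 10.1.1.0/24; TCP to ports 1-1023 on that network is denied.
NET = {"protocol": "tcp", "src": "0.0.0.0", "src_mask": "255.255.255.255",
       "dst": "10.1.1.0", "dst_mask": "0.0.0.255"}
ACL_101 = [
    {**NET, "action": "permit", "dport": ("GreaterThan", 1023), "established": True},
    {**NET, "action": "deny", "dport": ("Range", 1, 1023)},
]
```

A bare SYN to a high port matches neither entry and returns None, which shows why an established-only permit does not admit new inbound sessions.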