Cisco 500 Series Stackable Managed Switch Administration Guide
Access Control

• Source MAC Address—Select Any if all source addresses are acceptable or User defined to enter a source address or range of source addresses.
• Source MAC Address Value—Enter the MAC address to which the source MAC address is to be matched and its mask (if relevant).
• Source MAC Wildcard Mask—Enter the mask to define a range of MAC addresses.
• VLAN ID—Enter the VLAN ID section of the VLAN tag to match.
• 802.1p—Select Include to use 802.1p.
• 802.1p Value—Enter the 802.1p value to be added to the VPT tag.
• 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.
• Ethertype—Enter the frame Ethertype to be matched.

STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.

IPv4-based ACLs
IPv4-based ACLs are used to check IPv4 packets, while other types of frames,
such as ARPs, are not checked.
The following fields can be matched:
• IP protocol (by name for well-known protocols, or directly by value)
• Source/destination ports for TCP/UDP traffic
• Flag values for TCP frames
• ICMP and IGMP type and code
• Source/destination IP addresses (including wildcards)
• DSCP/IP-precedence value
NOTE ACLs are also used as the building elements of flow definitions for per-flow QoS handling.
The IPv4 Based ACL page enables adding ACLs to the system. The rules are
defined in the IPv4 Based ACE page.
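
The following is an added example, not taken from the Cisco guide, that models how an IPv4-based ACL applies the match fields listed above and why a non-IPv4 frame such as an ARP is never checked. It assumes ACEs are tried in order and the first match decides; the dictionary field names, `check_frame`, and the sample ACL are constructed for illustration. In a wildcard mask, a 1 bit marks an address bit that is ignored.

```python
import ipaddress

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
PROTO = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17}  # well-known protocol names

def wildcard_match(addr, base, wildcard):
    """Wildcard mask comparison: a 1 bit in the mask means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def ace_matches(ace, pkt):
    """True if every field that is set in the ACE agrees with the packet."""
    proto = ace.get("protocol")  # by name or directly by value
    if proto is not None and PROTO.get(proto, proto) != pkt["protocol"]:
        return False
    for side in ("src", "dst"):
        if side in ace and not wildcard_match(pkt[side], *ace[side]):
            return False
        port = ace.get(side + "_port")
        if port is not None and pkt.get(side + "_port") != port:
            return False
    if "dscp" in ace and pkt.get("dscp") != ace["dscp"]:
        return False
    return True

def check_frame(acl, frame):
    """Return the first matching ACE's action, 'not-checked' for a
    non-IPv4 frame, or 'no-match' when no ACE applies."""
    if frame["ethertype"] != ETHERTYPE_IPV4:
        return "not-checked"  # e.g. ARP: the IPv4-based ACL never inspects it
    for ace in acl:  # assumption: ACEs are evaluated in order, first match wins
        if ace_matches(ace, frame):
            return ace["action"]
    return "no-match"

# Constructed sample ACL (addresses come from private and documentation ranges)
SAMPLE_ACL = [
    {"action": "permit", "protocol": "tcp",
     "src": ("10.1.0.0", "0.0.255.255"), "dst_port": 443},
    {"action": "deny", "protocol": 17, "dst": ("192.0.2.53", "0.0.0.0")},
]
```

Frames that return `not-checked` here are outside the reach of an IPv4-based ACL, so filtering them requires a different control, such as a MAC-based ACL matching on Ethertype.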