Planet Technology SGSD-1022 User Manual


User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

Extended ACL

Command Usage

All new rules are appended to the end of the list.

Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.

21. Includes TCP, UDP or other protocol types.

• The following control codes may be specified:

  - 1 (fin) – Finish
  - 2 (syn) – Synchronize
  - 4 (rst) – Reset
  - 8 (psh) – Push
  - 16 (ack) – Acknowledgement
  - 32 (urg) – Urgent pointer

To define more than one control code, set the equivalent binary bit to “1” to indicate the required codes. For example, to set both SYN and ACK valid, use “control-code 18”.

Example

This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.

Console(config-ext-acl)# permit 10.7.1.1 255.255.255.0 any

Console(config-ext-acl)#

This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (i.e., HTTP).

Console(config-ext-acl)# permit 192.168.1.0 255.255.255.0 any destination-port 80

Console(config-ext-acl)#
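The bitmask comparison and the control-code arithmetic described above can be checked offline before a rule is entered. The following Python sketch is an added example, not part of the manual or the switch firmware; the function names are hypothetical and the sample packet sources are constructed.

```python
import ipaddress

# TCP control-code bit values as listed in the manual.
CONTROL_BITS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


def masked(addr: str, bitmask: str) -> int:
    """AND an IPv4 address with an ACL bitmask (1 bits = match, 0 bits = ignore)."""
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(bitmask))


def source_matches(rule_addr: str, bitmask: str, packet_src: str) -> bool:
    """True when the masked rule address equals the masked packet source."""
    return masked(rule_addr, bitmask) == masked(packet_src, bitmask)


def control_code(*flags: str) -> int:
    """Combine flag names into the decimal value given to control-code."""
    value = 0
    for flag in flags:
        value |= CONTROL_BITS[flag.lower()]  # KeyError on an unknown flag name
    return value


def decode_control_code(value: int) -> list[str]:
    """List the flag names whose bits are set in a control-code value."""
    if not 0 <= value <= 63:
        raise ValueError("control code must fit in the six listed bits (0-63)")
    return [name for name, bit in CONTROL_BITS.items() if value & bit]


if __name__ == "__main__":
    # Constructed sample sources checked against the manual's first rule.
    # The host part of 10.7.1.1 is ignored because its mask bits are 0.
    for src in ("10.7.1.2", "10.7.1.254", "10.7.2.2"):
        print(src, source_matches("10.7.1.1", "255.255.255.0", src))
    # Bit-by-bit matching also covers a non-contiguous bitmask; whether the
    # switch accepts one is an assumption, not stated on this page.
    print(source_matches("10.0.0.5", "255.0.0.255", "10.99.3.5"))
    print(control_code("syn", "ack"), decode_control_code(18))
```

Running a planned rule through `source_matches` with addresses that should and should not match shows how wide the permit really is before it goes onto a port.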
