Riverstone Networks WICT1-12 User Manual

24-2 Riverstone Networks RS Switch Router User Guide Release 8.0

ACL Basics

Access Control List Configuration

The selection criteria you can specify in an ACL rule depend on the type of ACL you are creating. For IP, TCP, and UDP ACLs, the following selection criteria can be specified:

Source IP address

Destination IP address

Source port number

Destination port number

Type of Service (TOS)

The accounting keyword specifies that LFAP accounting information about the flows that match the ‘permit’ rule is sent to the configured Flow Accounting Server (FAS). See Chapter 29, "LFAP Configuration Guide", for more information.

Note

The accounting parameter must be followed by one of the three checkpoint time interval parameters: 5-minutes, 15-minutes, or hourly.

For IPX ACLs, the following selection criteria can be specified:

Source network address

Destination network address

Source IPX socket

Destination IPX socket

These selection criteria are specified as fields of an ACL rule. The following syntax description shows the fields of an IP ACL rule:

acl <name> permit|deny ip <SrcAddr/Mask> <DstAddr/Mask> <SrcPort> <DstPort> <tos> <tos-mask> [accounting] <checkpoint interval>

Note

The acl permit|deny ip command restricts traffic for all IP-based protocols, such as TCP, UDP, ICMP, and IGMP. Variants of the acl permit|deny ip command exist that allow you to restrict traffic for a specific IP-based protocol; for example, the acl permit|deny tcp command lets you restrict only TCP traffic. These variants have the same syntax and fields as the acl permit|deny ip command.

The following syntax description shows the fields of an IPX ACL rule:

acl <name> permit|deny ipx <SrcAddr> <SrcSocket> <DstAddr> <DstSocket> <SrcNetMask> <DstNetMask>
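
A small review aid for rules written in the two layouts above, added here as an example and not taken from the manual: it maps each positional token to its field name and flags an accounting keyword that lacks a valid checkpoint interval. Assumptions: trailing fields may be omitted, field values are opaque tokens, udp is accepted as a protocol keyword alongside ip and tcp, accounting on a deny rule is flagged, and the names parse_acl_rule, LAYOUTS, INTERVALS and SAMPLES as well as the sample rules are constructed for illustration.

```python
# Field order as given in the syntax descriptions on this page.
IP_FIELDS = ("SrcAddr/Mask", "DstAddr/Mask", "SrcPort", "DstPort", "tos", "tos-mask")
IPX_FIELDS = ("SrcAddr", "SrcSocket", "DstAddr", "DstSocket", "SrcNetMask", "DstNetMask")
# tcp is named on the page as an ip variant; the udp keyword is assumed.
LAYOUTS = {"ip": IP_FIELDS, "tcp": IP_FIELDS, "udp": IP_FIELDS, "ipx": IPX_FIELDS}
INTERVALS = ("5-minutes", "15-minutes", "hourly")

def parse_acl_rule(line):
    """Return (rule, problems) for one 'acl <name> permit|deny <proto> ...' line."""
    # Assumption: trailing fields may be omitted; values stay opaque tokens.
    tok = line.split()
    if len(tok) < 4 or tok[0] != "acl":
        return None, ["not an acl rule"]
    name, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
    if proto not in LAYOUTS:
        return None, [f"no field layout known for protocol {proto!r}"]
    problems = []
    if action not in ("permit", "deny"):
        problems.append(f"action must be permit or deny, got {action!r}")
    interval = None
    if "accounting" in rest:
        pos = rest.index("accounting")
        rest, tail = rest[:pos], rest[pos + 1:]
        if len(tail) == 1 and tail[0] in INTERVALS:
            interval = tail[0]
        else:
            problems.append("accounting must be followed by one of: " + ", ".join(INTERVALS))
        if action == "deny":
            # Assumption from the page's wording: accounting covers permit-rule flows.
            problems.append("accounting is described for permit rules only")
    names = LAYOUTS[proto]
    if len(rest) > len(names):
        problems.append(f"{len(rest)} fields given, layout has {len(names)}")
    rule = {"name": name, "action": action, "protocol": proto,
            "fields": dict(zip(names, rest)), "accounting": interval}
    return rule, problems

# Constructed sample rules, not taken from the manual.
SAMPLES = [
    "acl eng-out permit ip 10.1.0.0/16 10.2.0.0/16 1024 80 0 0 accounting 15-minutes",
    "acl eng-out permit tcp 10.1.0.0/16 10.2.0.0/16 1024 80 accounting",
    "acl eng-out deny ip 10.1.0.0/16 10.2.0.0/16 1024 80 0 0 accounting hourly",
    "acl ipx-lab permit ipx AAAA0001 451 BBBB0002 451",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_acl_rule(s)[1] or "ok")
```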
