Asus GigaX2024SX User Manual

is specified, then you can also filter packets based on the TCP control code.
- MAC: MAC ACL mode that filters packets based on the source or destination
MAC address and the Ethernet frame type (RFC 1060).

Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field,
select the list type (IP Standard, IP Extended, or MAC), and click Add to open the
configuration page for the new list.

Figure 3-35. Selecting ACL Type

IP ACL named david.

CLI – This example creates a standard

Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain all permit rules or all deny rules.
• Address Type – Specifies the source IP address. Use “Any” to include all
possible addresses, “Host” to specify a specific host address in the Address field,
or “IP” to specify a range of addresses with the Address and SubMask fields.
(Options: Any, Host, IP; Default: Any)
• IP Address – Source IP address.
• Subnet Mask – A subnet mask containing four integers from 0 to 255, each
separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to
indicate “ignore.” The mask is bitwise ANDed with the specified source IP address,
and compared with the address for each IP packet entering the port(s) to which
this ACL has been assigned.

Web – Specify the action (i.e., Permit or Deny). Select the address type (Any,
Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter
a subnet address and the mask for an address range. Then click Add.

3-57