Cisco 12000/10700 V3.1.1 User Manual
Page 303
11-17
Cisco 12000/10700 v3.1.1 Router Manager User Guide
OL-4455-01
Chapter 11 Layer 3 QoS
Access List Configuration
Dynamic—Defines the selected access list to be dynamic. Dynamic access lists grant access per user to
a specific source or destination host through a user authentication process. You can allow user access
through a firewall dynamically, without compromising security restrictions.
Dynamic List
Name—Defines a name for the dynamic list (only available if Dynamic button is selected).
Time Out—Specifies the absolute length of time (in minutes) that a temporary access list entry can
remain in a dynamic access list. The default (0) is an infinite length of time and allows an entry to remain
permanently (only available if Dynamic button is selected).
Source and Destination
The Source and Destination areas contain the following fields:
Host Type—Indicates the hosts for which the access action are available. Possible values for this field
include the following:
•
Any—All hosts
•
A.B.C.D—Specified IP address with wild card bits
•
Host Hostname—Only the specified hostname
•
Host A.B.C.D—Only the specified IP address
Host Name—Name of the host (or source of the packet) for which the access action is applicable.
IP Address—IP address of the host (or source of the packet) for which the access action is applicable.
Wild Card—If the access action is applicable for more than one host, then this field should be used as a
mask. For example, the wild card 255.255.255.255 effectively represents any.
Port Criteria—Criteria to be applied on the specified port (interface) number. Possible values are as
follows:
•
None—Port number is insignificant
•
Equal To—Equal to the port number
•
Not Equal To—Not equal to the port number
•
Greater Than—Greater than the port number
•
Less Than—Less than the port number
•
Range—Port number range
Port
The Port sub-area in the Source and Destination areas contains the following fields:
Number—Port (interface) number from/to where the packet is sent or destined.
Range—Defines which port (interface) numbers will be allowed through this filter.