Client acl list contents, Client acl details, Basic information area – H3C Technologies H3C Intelligent Management Center User Manual

Page 60: Acl rule list


EAD deploys the client ACLs to endpoints of access users that pass identity authentication, and applies the client ACLs to the outgoing traffic of their respective authentication NICs. Client ACLs can be classified as follows:

Isolation ACL—Allows insecure users to access only a restricted area to rectify security problems
and reinitiate security authentication.

Security ACL—Applies to all online access users that are not isolated.

Operators can add, modify, and delete client ACLs. Configure client ACLs only when the iNode client on the target user endpoints supports the client ACL feature. Otherwise, access users cannot log in after the client ACL deployment. The client ACL feature is available for Windows operating systems only.

Client ACL list contents

The client ACL list has the following parameters:

ACL Name—Name of the client ACL. Click the name to view detailed information.

Service Group—Name of the service group to which the client ACL belongs.

Description—Description of the associated client ACL.

Modify—Click the Modify icon to modify the client ACL settings.

Delete—Click the Delete icon to delete the client ACL.

Client ACL details

The client ACL details page has a basic information area and an ACL rule list area.

Basic Information area

ACL Name—Name of the client ACL.

Default Action of ACL Rule—Action to take on IP packets that do not match any ACL rule.

  Permit—Permits IP packets that do not match any ACL rule on the ACL rule list to pass through.

  Deny—Drops IP packets that do not match any ACL rule on the ACL rule list.

Description—Description of the client ACL.

Service Group—Name of the service group to which the client ACL belongs.

ACL Rule List

Matching Action—Action to take on IP packets that match the ACL rule.

  Permit—Permits IP packets that match the ACL rule to pass through.

  Deny—Drops IP packets that match the ACL rule.

Protocol—Transport-layer protocol that the ACL rule matches. A protocol name (ICMP, TCP, or UDP) or protocol number matches the corresponding transport-layer protocol. This field displays two hyphens (--) if the ACL rule matches all transport-layer protocols.

Dest IP—Destination IP address that the ACL rule matches.

Mask—Subnet mask of the destination IP address.

Dest Port—Destination port of IP packets. This field displays a value only when the transport-layer protocol of the ACL rule is TCP or UDP (if you selected TCP or UDP in the Protocol list). Otherwise, this field displays two hyphens (--). The default setting is 0, which matches all destination ports.
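
The rule fields and default action described above, modelled as a small evaluator for checking what an ACL would let through (an added example, not code from the H3C manual or product). It assumes rules are checked top-down with the first match deciding, which this page does not state; the rule set and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

PROTO_NUM = {"ICMP": 1, "TCP": 6, "UDP": 17}  # IANA protocol numbers

@dataclass
class Rule:
    action: str         # Matching Action: "permit" or "deny"
    protocol: str       # "ICMP", "TCP", "UDP", a protocol number, or "--" (all)
    dest_ip: str        # Dest IP
    mask: str           # Mask, dotted-decimal subnet mask
    dest_port: int = 0  # Dest Port; 0 matches all ports (TCP/UDP rules only)

def proto_number(value):
    """Map a protocol name or number to an int; '--' (all protocols) -> None."""
    if value == "--":
        return None
    name = str(value).upper()
    return PROTO_NUM[name] if name in PROTO_NUM else int(name)

def rule_matches(rule, proto, dst, dport=None):
    want = proto_number(rule.protocol)
    if want is not None and want != proto_number(proto):
        return False
    net = ipaddress.ip_network(f"{rule.dest_ip}/{rule.mask}", strict=False)
    if ipaddress.ip_address(dst) not in net:
        return False
    # The port is compared only for TCP/UDP rules, and 0 matches every port.
    if want in (6, 17) and rule.dest_port != 0:
        return dport == rule.dest_port
    return True

def evaluate(rules, default_action, proto, dst, dport=None):
    """Return 'permit' or 'deny' for one outgoing IP packet."""
    for rule in rules:  # ASSUMPTION: top-down evaluation, first match wins
        if rule_matches(rule, proto, dst, dport):
            return rule.action
    return default_action  # Default Action of ACL Rule

# Constructed isolation ACL: only a remediation server and DNS are reachable.
ISOLATION = [
    Rule("permit", "TCP", "192.0.2.10", "255.255.255.255", 443),
    Rule("permit", "UDP", "192.0.2.53", "255.255.255.255", 53),
    Rule("deny", "--", "192.0.2.0", "255.255.255.0"),
]

if __name__ == "__main__":
    for pkt in [("TCP", "192.0.2.10", 443), ("TCP", "198.51.100.7", 443)]:
        print(pkt, "deny-default:", evaluate(ISOLATION, "deny", *pkt),
              "permit-default:", evaluate(ISOLATION, "permit", *pkt))
```

With the default action set to Permit, the same rule list lets the isolated endpoint reach any destination outside 192.0.2.0/24, so an isolation ACL only restricts access when its default action is Deny.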
