
Creating Extended Access Rules

To create Extended Access Rules:

  1. In the navigation pane, expand the Routing > IP > Configuration folders, and then click Access Lists.
  2. The IP Access List Web page is displayed in the content pane. See Figure 134.

Note: The IP Access List Web page displays all standard and extended access rules that have been created. If no rules have been created, the following statement displays: No IP Access Rules are currently configured.

  3. Select Create Extended. The IP Extended Access Rule Creation Web page is displayed. See Figure 136.

Figure 136: IP Extended Access Rule Creation Web Page


  4. See Table 98 to configure the IP Extended Access Rule Creation Web page parameters to filter or prioritize traffic.
  5. Click CREATE to save your changes, or CANCEL to restore previous settings.

Table 98: IP Extended Access Rule Creation Parameters
Parameter
Description
Access List Name
Enter the alphanumeric name of the access list this rule will be added to. See "Naming Conventions for ACLs" for more information.
Access Rule Index
Enter the sequence number for each new rule you create. Index numbers can be 1 through 512. Packets are compared against rules in ascending index order.

Note: Entering a new rule may override other rules. Review your current configuration prior to creating new access list rules.

Access Type
Select the method of handling incoming datagrams based on the IP access type you set from the following options:
  • Deny/Filter - Allows you to filter out traffic based on the specified configuration.
  • Permit/Fwd pri8 (high) to pri1 (low) - Allows you to prioritize traffic based on the specified configuration.
  • Permit/Fwd with no change in priority - Allows you to forward traffic with no change in priority.
Source Subnet
  • Source Address - Enter the IP address that you want to deny or grant access to the switch. The Wildcard will determine how the address is evaluated.
  • Source Address Wildcard - Enter the Wildcard for this address. For more information on wildcards, see "What are Wildcards?" earlier in this chapter.
Destination Subnet
  • Dest Address - Enter the IP address that you want to deny or grant access to the switch. The Wildcard will determine how the address is evaluated.
  • Dest Address Wildcard - Enter the Wildcard for this address. For more information on wildcards, see "What are Wildcards?" earlier in this chapter.
Protocol ID
Specify a protocol ID to be filtered. (For example, ICMP=1, IGMP=2). A single asterisk (*) indicates all protocols.
RFC 1700 defines the protocol IDs.
To see the complete list of protocol numbers, see http://www.iana.org/assignments/protocol-numbers.
TCP/UDP Source Port
Specify a range of source ports that pass between two hosts or switches using the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Options include:
  • Min. - The lowest numbered port in the range. The default is 0.
  • Max. - The highest numbered port in the range. The default is 65,535.

Note: The protocol ID parameter must first be configured with either 6 for TCP or 17 for UDP, to enable the TCP/UDP Source port parameter.

To see the complete list of well-known port numbers (specifically in relation to the destination port), see: http://www.iana.org/assignments/port-numbers.
TCP/UDP Destination Port
Specify a range of destination ports that pass data between two hosts or switches using the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Options include:
  • Min. - The lowest numbered port in the range. The default is 0.
  • Max. - The highest numbered port in the range. The default is 65,535.

Note: The protocol ID parameter must first be configured with either 6 for TCP or 17 for UDP, to enable the TCP/UDP Destination port parameter.

To see the complete list of well-known port numbers (specifically in relation to the destination port), see: http://www.iana.org/assignments/port-numbers.
TCP Established
Criteria for matching TCP packets of established (connected) or not established (initial call) sessions.
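
The note under Access Rule Index warns that a new rule may override others. The following is an added example, not part of the original manual or the switch software: an offline check that lists rules which can never be reached because a lower-index rule already matches all of their traffic. It assumes that the first matching rule decides the packet's handling and that a 1 bit in a wildcard means "ignore this address bit"; the Rule class, function names and sample rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Rule:                      # hypothetical model of one rule from Table 98
    index: int                   # Access Rule Index (1-512)
    action: str                  # "deny" or "permit"
    src: tuple                   # (Source Address, Source Address Wildcard)
    dst: tuple                   # (Dest Address, Dest Address Wildcard)
    proto: object = "*"          # Protocol ID; "*" means all protocols
    sport: tuple = (0, 65535)    # TCP/UDP Source Port (Min, Max)
    dport: tuple = (0, 65535)    # TCP/UDP Destination Port (Min, Max)

def net_covers(a, b):
    """True if every address matched by subnet b is also matched by subnet a."""
    aa, aw, ba, bw = (int(IPv4Address(x)) for x in (*a, *b))
    care = ~aw & 0xFFFFFFFF      # assumption: wildcard 1-bits are ignored
    return (bw & care) == 0 and ((aa ^ ba) & care) == 0

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    if a.proto != "*" and a.proto != b.proto:
        return False
    if not (net_covers(a.src, b.src) and net_covers(a.dst, b.dst)):
        return False
    if a.proto in (6, 17):       # port ranges only apply to TCP (6) / UDP (17)
        return (a.sport[0] <= b.sport[0] and b.sport[1] <= a.sport[1]
                and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])
    return True

def shadowed(rules):
    """Return (rule index, index of the earlier rule that hides it) pairs."""
    ordered = sorted(rules, key=lambda r: r.index)   # ascending index order
    hits = []
    for i, later in enumerate(ordered):
        early = next((e for e in ordered[:i] if covers(e, later)), None)
        if early is not None:
            hits.append((later.index, early.index))
    return hits

ANY = ("0.0.0.0", "255.255.255.255")
SAMPLE = [                       # constructed rules, not from a real switch
    Rule(10, "permit", ("10.1.0.0", "0.0.255.255"), ANY),
    Rule(20, "deny", ("10.1.5.0", "0.0.0.255"), ANY, proto=6, dport=(23, 23)),
    Rule(30, "deny", ("192.168.0.0", "0.0.255.255"), ANY, proto=6, dport=(0, 1023)),
    Rule(40, "deny", ("192.168.7.0", "0.0.0.255"), ANY, proto=17, dport=(53, 53)),
    Rule(50, "permit", ("192.168.1.0", "0.0.0.255"), ANY, proto=6, dport=(22, 22)),
]
print(shadowed(SAMPLE))          # pairs of (unreachable rule, rule that hides it)
```

In the sample, the deny at index 20 never takes effect because the broader permit at index 10 is compared first; giving the narrower rule a lower index restores the intended behaviour.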

