Creating Extended Access Rules

To create Extended Access Rules:

  1. Select Access Lists from the Routing > IP > Configuration group on the Web Agent window. The IP Access List dialog box opens (Figure 13-1).

NOTE: The IP Access List dialog box displays all standard and extended access rules that have been created. If no rules have been created, the following statement displays: No IP Access Rules are currently configured.

  2. Select Create Extended. The IP Extended Access Rule Creation dialog box opens (Figure 13-3).

Figure 13-3. IP Extended Access Rule Creation Dialog Box

  3. See Table 13-2 to configure the IP Extended Access Rule Creation dialog box parameters to filter or prioritize traffic:
    Table 13-2. IP Extended Access Rule Creation Parameters

    | Parameter | Allows you to... |
    |---|---|
    | Access List Name | Enter the alphanumeric name of the access list this rule will be added to. See “Naming Conventions for ACLs” for more information. |
    | Access Rule Index | Enter the sequence number for each new rule you create. Index numbers can be 1 through 512. Packets are compared against rules in ascending index order. |
    | | NOTE: Entering a new rule may override other rules. Review your current configuration prior to creating new access list rules. |
    | Access Type | Select the method of handling incoming datagrams based on the IP access type you set from the following options: |
    | | • Deny/Filter - Allows you to filter out traffic based on the specified configuration. |
    | | • Permit/Fwd pri8 (high) to pri1 (low) - Allows you to prioritize traffic based on the specified configuration. |
    | | • Permit/Fwd with no change in priority - Allows you to forward traffic with no change in priority. |
    | Source Subnet | • Source Address - Enter the IP address that you want to deny or grant access to the switch. The Wildcard will determine how the address is evaluated. |
    | | • Source Address Wildcard - Enter the Wildcard for this address. For more information on wildcards, see “What are Wildcards?” earlier in this chapter. |
    | Destination Subnet | • Dest Address - Enter the IP address that you want to deny or grant access to the switch. The Wildcard will determine how the address is evaluated. |
    | | • Dest Address Wildcard - Enter the Wildcard for this address. For more information on wildcards, see “What are Wildcards?” earlier in this chapter. |
    | Protocol ID | Specify a protocol ID to be filtered (for example, ICMP=1, IGMP=2). A single asterisk (*) indicates all protocols. RFC 1700 defines the protocol IDs. To see the complete list of protocol numbers, see http://www.iana.org/assignments/protocol-numbers. |
    | TCP/UDP Source Port | Specify a range of source ports that pass between two hosts or switches using the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Options include: |
    | | • Min. - The lowest numbered port in the range. The default is 0. |
    | | • Max. - The highest numbered port in the range. The default is 65,535. |
    | | NOTE: The protocol ID parameter must first be configured with either 6 for TCP or 17 for UDP, to enable the TCP/UDP Source port parameter. |
    | | To see the complete list of well-known port numbers (specifically in relation to the destination port), see: http://www.iana.org/assignments/port-numbers. |
    | TCP/UDP Destination Port | Specify a range of destination ports that pass data between two hosts or switches using the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Options include: |
    | | • Min. - The lowest numbered port in the range. The default is 0. |
    | | • Max. - The highest numbered port in the range. The default is 65,535. |
    | | NOTE: The protocol ID parameter must first be configured with either 6 for TCP or 17 for UDP, to enable the TCP/UDP Destination port parameter. |
    | | To see the complete list of well-known port numbers (specifically in relation to the destination port), see: http://www.iana.org/assignments/port-numbers. |
    | TCP Established | Criteria for matching TCP packets of established (connected) or not established (initial call) sessions. |

  4. Click CREATE to save your changes, or CANCEL to restore previous settings.
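
The note under Access Rule Index warns that a new rule may override other rules. The following Python sketch is an added example, not code from this manual or its vendor; it models ascending-index evaluation so that a proposed rule can be checked against probe packets before it is entered. It assumes that wildcard bits set to 1 are ignored and that the first matching rule decides; the `Rule` class, function names, simplified "deny"/"permit" actions and sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    index: int                 # Access Rule Index (1 through 512)
    action: str                # Access Type, simplified to "deny" / "permit"
    src: str                   # Source Address
    src_wc: str                # Source Address Wildcard
    dst: str                   # Dest Address
    dst_wc: str                # Dest Address Wildcard
    proto: object = "*"        # Protocol ID; "*" means all protocols
    dport: tuple = (0, 65535)  # TCP/UDP Destination Port (Min., Max.)

def addr_match(addr, base, wildcard):
    # ASSUMPTION: wildcard bits set to 1 are ignored when comparing addresses.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def rule_matches(rule, pkt):
    if rule.proto != "*" and rule.proto != pkt["proto"]:
        return False
    if not (addr_match(pkt["src"], rule.src, rule.src_wc)
            and addr_match(pkt["dst"], rule.dst, rule.dst_wc)):
        return False
    # Port ranges are only enabled when Protocol ID is 6 (TCP) or 17 (UDP).
    if rule.proto in (6, 17):
        return rule.dport[0] <= pkt["dport"] <= rule.dport[1]
    return True

def evaluate(rules, pkt):
    # ASSUMPTION: the first matching rule in ascending index order decides.
    for rule in sorted(rules, key=lambda r: r.index):
        if rule_matches(rule, pkt):
            return rule.index, rule.action
    return None, "no-match"

def changed_decisions(rules, new_rule, probes):
    # Probe packets whose (index, action) outcome changes once new_rule is added.
    pairs = {n: (evaluate(rules, p), evaluate(rules + [new_rule], p)) for n, p in probes.items()}
    return {n: v for n, v in pairs.items() if v[0] != v[1]}

# Constructed sample rules and probe packets (documentation address ranges).
EXISTING = [Rule(20, "permit", "192.0.2.0", "0.0.0.255",
                 "198.51.100.10", "0.0.0.0", 6, (443, 443))]
NEW = Rule(10, "deny", "192.0.2.0", "0.0.0.127", "0.0.0.0", "255.255.255.255")
PROBES = {
    "low-half https":  {"src": "192.0.2.5",   "dst": "198.51.100.10", "proto": 6, "dport": 443},
    "high-half https": {"src": "192.0.2.200", "dst": "198.51.100.10", "proto": 6, "dport": 443},
}
```

Calling `changed_decisions(EXISTING, NEW, PROBES)` reports only the low-half probe: the lower-index deny rule now matches it before the existing permit at index 20 is reached.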
