User's manual

1 (fin) – Finish
2 (syn) – Synchronize
4 (rst) – Reset
8 (psh) – Push
16 (ack) – Acknowledgement
32 (urg) – Urgent pointer
For example, use the code value and mask below to catch packets with the following flags set:
SYN flag valid, use control-code 2, control bitmask 2
Both SYN and ACK valid, use control-code 18, control bitmask 18
SYN valid and ACK invalid, use control-code 2, control bitmask 18
Configuring Switch Using the Web or CLI
Web
Specify the action (for example, Permit or Deny). Specify the source and/or destination addresses. Select
the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a
subnet address and the mask for an address range. Set any other required criteria, such as service type,
protocol type, or TCP control code. Then click Add.
CLI
This example adds three rules:
Accept any incoming packets if the source address is in subnet 10.7.1.x. The rule matches when the
rule's masked address (10.7.1.0 & 255.255.255.0) equals the packet's masked source address (for example,
10.7.1.2 & 255.255.255.0), in which case the packet passes through.
Allow TCP packets from class C addresses 192.168.1.0 to any destination address when the
destination TCP port is 80 (for example, HTTP).
Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN”.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any destination-port 80
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2
Console(config-ext-acl)#
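To make the control-code/bitmask semantics and the masked-address comparison concrete, here is an added Python model of how the three rules above are evaluated (example code written for this page, not the switch's firmware). It assumes first-match evaluation with an implicit deny when no rule matches; the packet values are constructed.

```python
# Added example: evaluating the extended ACL rules above in software.
# Flag bit values follow the manual's table; first-match and implicit deny are
# assumed here, not stated on this page.
import ipaddress

FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def control_code_matches(flags, code, mask):
    """True when every flag bit selected by the mask has the value given by code.
    Bits outside the mask are ignored, so mask=2 checks only SYN, while
    code=2 mask=18 requires SYN set AND ACK clear."""
    return (flags & mask) == (code & mask)


def address_matches(addr, rule_addr, rule_mask):
    """Subnet comparison used by the rules: (addr & mask) == (rule_addr & mask)."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    m = int(ipaddress.IPv4Address(rule_mask))
    return (a & m) == (r & m)


# Mirrors the three CLI rules: (protocol, source, source mask,
# destination port or None, control-code, control bitmask).
# Code/mask 0/0 means "do not inspect TCP flags".
RULES = [
    ("any", "10.7.1.1", "255.255.255.0", None, 0, 0),
    ("any", "192.168.1.0", "255.255.255.0", 80, 0, 0),
    ("tcp", "192.168.1.0", "255.255.255.0", None, SYN, SYN),
]


def acl_permits(proto, src, dport, flags):
    """Return the index of the first permit rule the packet matches,
    or None when no rule matches (implicit deny, assumed)."""
    for i, (rproto, rsrc, rmask, rport, code, cmask) in enumerate(RULES):
        if rproto != "any" and rproto != proto:
            continue
        if not address_matches(src, rsrc, rmask):
            continue
        if rport is not None and dport != rport:
            continue
        if not control_code_matches(flags, code, cmask):
            continue
        return i
    return None
```

A packet from 192.168.1.10 to port 443 passes rule 3 only if SYN is set; the same packet with only ACK set matches no rule and is dropped.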
6.7.5 Configuring a MAC ACL
Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or
destination-mac-unknown packets.