WESM zl Management and Configuration Guide WT.01.XX and greater
Access Control Lists (ACLs)
Overview
Extended IP ACL rules can include these additional filters:
■ destination IP address
The filter can select:
• all addresses
• a single address
• a range of addresses, specified by subnetwork address and a prefix length
■ protocol
By default, a rule matches all IP packets, but you can limit the rule to a specific protocol, including:
• ICMP
• TCP
• UDP
■ for ICMP packets, ICMP type and ICMP code
■ for TCP and UDP packets, source and destination ports
In this way, you can control traffic according to the application. For example, to select Web traffic, configure a rule that specifies the TCP protocol and destination port 80.
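The following Python model is an added illustration, not WESM configuration syntax or code from this guide. It shows how the extended IP filters listed above combine: every filter that is set must match, and a filter left unset matches anything. The class name, field names, and sample packets are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical model of the additional extended IP ACL filters.
# None means "filter not specified", so that field matches anything.
@dataclass(frozen=True)
class ExtendedIpRule:
    dst: str = "0.0.0.0/0"            # all addresses, one host (/32), or subnet/prefix
    protocol: Optional[str] = None    # "icmp", "tcp", "udp"; None = all IP packets
    src_port: Optional[int] = None    # meaningful for TCP and UDP only
    dst_port: Optional[int] = None    # meaningful for TCP and UDP only
    icmp_type: Optional[int] = None   # meaningful for ICMP only
    icmp_code: Optional[int] = None   # meaningful for ICMP only

    def __post_init__(self):
        # Assumption: reject filters that do not belong to the chosen protocol.
        has_ports = self.src_port is not None or self.dst_port is not None
        has_icmp = self.icmp_type is not None or self.icmp_code is not None
        if has_ports and self.protocol not in ("tcp", "udp"):
            raise ValueError("port filters require protocol tcp or udp")
        if has_icmp and self.protocol != "icmp":
            raise ValueError("ICMP type/code filters require protocol icmp")

    def matches(self, pkt: dict) -> bool:
        """Return True only if every specified filter matches the packet."""
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.protocol is not None and pkt["protocol"] != self.protocol:
            return False
        for field in ("src_port", "dst_port", "icmp_type", "icmp_code"):
            wanted = getattr(self, field)
            if wanted is not None and pkt.get(field) != wanted:
                return False
        return True

# Constructed sample packets (addresses and ports are made up for the example).
WEB = {"dst": "10.1.20.5", "protocol": "tcp", "src_port": 49152, "dst_port": 80}
DNS = {"dst": "10.1.20.5", "protocol": "udp", "src_port": 49153, "dst_port": 53}
PING = {"dst": "10.1.30.9", "protocol": "icmp", "icmp_type": 8, "icmp_code": 0}

# Web traffic to one subnet: TCP protocol plus destination port 80.
web_rule = ExtendedIpRule(dst="10.1.20.0/24", protocol="tcp", dst_port=80)
# No filters set: matches all IP packets, as the default described above.
any_ip_rule = ExtendedIpRule()
# ICMP echo request to any destination, selected by ICMP type and code.
echo_rule = ExtendedIpRule(protocol="icmp", icmp_type=8, icmp_code=0)
```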
Extended MAC ACL rules can include these additional filters:
■ the destination MAC address, either a single address or a range of addresses (specified by a mask)
■ VLAN ID—a specific VLAN ID number
■ 802.1p priority—the traffic service class used for quality of service (QoS)
■ EtherType—the Layer 3 protocol encapsulated in the frame:
• IPv4—Internet Protocol, version 4
• ARP—Address Resolution Protocol
• RARP—Reverse Address Resolution Protocol
• AppleTalk
• AARP—AppleTalk Address Resolution Protocol
• 802.1q—VLANs
• IPX—Internetwork Packet Exchange
• IPv6—Internet Protocol, version 6