Create Access list
1. Summary

On this page you can create or delete access lists, and change their settings.

2. Top page

This is the top page for creating an access list.

2.1. Access lists

- The information for the access lists you created is displayed.
- The table items are explained below.
  - ID: The access list ID is displayed.
  - Type: The access list type is displayed.
  - Description: The description text set for this access list is displayed.
- A maximum of 20 items can be displayed on one page. Press the page navigation icons or enter a numeric value to switch between pages.
- You can press the sort switch to sort by each item.
- Press the "New" button to display the page where you can create a new access list.
- Press the "Setting" button to display the page where you can change the settings of the selected access list.
- If you press the "Delete" button, all access lists whose check boxes are selected will be deleted.
  - Access lists that are applied to class maps cannot be deleted.
- On this page, you can reference and configure up to 512 access lists.
3. Access list settings page

This page is for creating new access lists, or for changing the settings of existing access lists.
Enter the settings, and then press the "Confirm" button.
If there are no mistakes in the input shown on the confirmation screen, press the "OK" button.

3.1. Access list settings

- Access list
  - Select the access list type from the following items.
    - IPv4 access list
    - IPv6 access list
    - MAC access list
  - When changing the settings, the access list type cannot be changed.
  - The IPv6 access list settings cannot be configured when the stack function is enabled.
- Access list ID
  - Set the access list ID from the following ranges, according to the access list type.
    - IPv4 access lists: 1 - 2000
    - IPv6 access lists: 3001 - 4000
    - MAC access lists: 2001 - 3000
  - When changing the settings, the access list ID cannot be changed.
- Description
  - Specify the description text using up to 32 single-byte alphanumeric characters and symbols.
  - The "?" character cannot be used in the description text.
- Control conditions
  - Specify the control conditions for the access list.
  - Up to 256 control conditions can be configured per access list.
  - Press the "Add" button to display the "Control condition settings" dialog.
  - In the "Control condition settings" dialog, you can specify the conditions under which traffic is permitted or denied, using the following items.
    - Operation
      - Select the action to be taken when traffic matches the control condition from the items below.
        - Permit
        - Deny
    - Source address
      - Select the source address to be targeted from the following items.
        - All addresses
        - Specify host address
        - Specify network address
          - This cannot be specified for a MAC access list.
        - Specify host address with wildcard bits
          - Specify the address and the wildcard mask.
          - This cannot be specified for an IPv6 access list.
      - If a wildcard mask bit is "1", the bit in the same position of the address is not checked.
      - To specify the conditions for subnet 192.168.1.0/24, enter the following.
        - Address: 192.168.1.0, Wildcard mask: 0.0.0.255
      - To specify the conditions for vendor code 00-A0-DE-*-*-*, enter the following.
        - Address: 00A0.DE00.0000, Wildcard mask: 0000.00FF.FFFF
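The wildcard-mask rule above (a mask bit of 1 means "do not check" that address bit) is the same for IPv4 and MAC conditions. The following is an added example, not code from the switch or its documentation: it implements that rule for both address families, reproduces the two settings given above (192.168.1.0 / 0.0.0.255 and 00A0.DE00.0000 / 0000.00FF.FFFF), converts a /N prefix length into the equivalent wildcard mask, and goes one step beyond the page by showing a non-contiguous mask (matching only odd host addresses), which the bitwise rule also allows. All function names are this example's own.

```python
"""Wildcard-mask matching for IPv4 and MAC access-list conditions.

Added example (not the switch's own code). Assumed semantics, taken from the
text above: a wildcard-mask bit of 1 means the corresponding address bit is
not checked; a 0 bit means the address bit must match exactly.
"""
import ipaddress


def ipv4_to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(addr))


def mac_to_int(mac: str) -> int:
    """Accept dotted (00A0.DE00.0000), dashed (00-A0-DE-00-00-00) or colon notation."""
    digits = mac.replace(".", "").replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)


def wildcard_match(candidate: int, address: int, wildcard: int) -> bool:
    """True if every bit NOT covered by the wildcard mask is equal.

    candidate ^ address has a 1 wherever the two differ; clearing the
    wildcard ("don't care") bits leaves only the differences that matter.
    """
    return (candidate ^ address) & ~wildcard == 0


def ipv4_condition_matches(packet_ip: str, address: str, wildcard: str) -> bool:
    """Evaluate an IPv4 'host address with wildcard bits' condition."""
    return wildcard_match(ipv4_to_int(packet_ip), ipv4_to_int(address), ipv4_to_int(wildcard))


def mac_condition_matches(packet_mac: str, address: str, wildcard: str) -> bool:
    """Evaluate a MAC 'host address with wildcard bits' condition."""
    return wildcard_match(mac_to_int(packet_mac), mac_to_int(address), mac_to_int(wildcard))


def prefix_to_wildcard(prefix_len: int) -> str:
    """Convert a /N prefix length to the dotted wildcard mask (bitwise inverse of the netmask)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    netmask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(netmask ^ 0xFFFFFFFF))


if __name__ == "__main__":
    # The subnet example from the text: 192.168.1.0/24 -> wildcard 0.0.0.255
    print(prefix_to_wildcard(24), ipv4_condition_matches("192.168.1.77", "192.168.1.0", "0.0.0.255"))
    # The vendor-code example from the text: first three octets fixed, rest ignored
    print(mac_condition_matches("00-A0-DE-12-34-56", "00A0.DE00.0000", "0000.00FF.FFFF"))
    # Non-contiguous mask: only the lowest bit is checked, so only odd hosts match
    print(ipv4_condition_matches("10.0.5.7", "0.0.0.1", "255.255.255.254"))
```

Note that a wildcard mask is the bitwise inverse of a subnet mask only for the contiguous case; the switch checks bits individually, so any mask is legal, which is why the last call above matches every odd address regardless of its network.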
    - Destination address
      - The items to be set for the destination address are the same as those for the source address.
      - This cannot be specified for an IPv6 access list.
    - Protocol
      - Select the protocol to be targeted from the following items.
        - All protocols
        - TCP
        - UDP
        - ICMP
        - Specify protocol number
          - Enter a protocol number from 0 to 255.
      - When TCP or UDP is selected as the protocol, specify the source and destination port numbers.
        - You can specify either a single number or a range of numbers for the port number.
        - Enter a port number from 0 to 65535.
      - When TCP is selected as the protocol, you can specify conditions on the TCP control flags.
        - If more than one bit is specified, the bits are combined with AND: only packets with all of the specified bits set to 1 match.
        - For example, you can deny only TCP connections from outside to inside by permitting, for the interface's direction, only packets with the ACK bit or the RST bit set to 1.
        - In this case, you need to set two control conditions: one that permits packets with the ACK bit set to 1, and another that permits packets with the RST bit set to 1.
      - This cannot be specified for a MAC access list or an IPv6 access list.
  - Press the "Delete" button to delete the corresponding control condition.
  - Press the reorder icons to change the order in which the control conditions are applied.
  - Control conditions are evaluated in order, starting with the lowest-numbered condition; once a condition matches, the conditions that follow are not checked.
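The two rules stated above for control conditions, that several TCP flag bits in one condition are ANDed and that conditions are evaluated in order with the first match deciding, are easy to get wrong when building the "permit only ACK or RST" pair described in the TCP control flag item. The following added example (not code from the switch or its documentation) models both rules and shows why ACK and RST must be two separate permit conditions and why their position relative to a deny matters. The packet fields, condition fields and the choice to deny a packet that matches no condition are this example's own assumptions, not statements from the page.

```python
"""First-match evaluation of access-list control conditions with ANDed TCP flags.

Added example, not the switch's own code. Modelled on the text above:
conditions are checked in list order, the first match decides, and every
TCP flag bit named in a condition must be set for it to match. A packet
that matches no condition is denied here; that default is an assumption of
this example only.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TCP control-flag bit values as they appear in the TCP header (RFC 793 order).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


@dataclass
class Packet:
    protocol: int          # IP protocol number: 6 = TCP, 17 = UDP, 1 = ICMP
    src_port: int = 0
    dst_port: int = 0
    tcp_flags: int = 0     # bitmask built from TCP_FLAGS


@dataclass
class Condition:
    action: str                                  # "permit" or "deny"
    protocol: Optional[int] = None               # None = all protocols
    src_port: Optional[Tuple[int, int]] = None   # inclusive range; None = any port
    dst_port: Optional[Tuple[int, int]] = None
    tcp_flags: Tuple[str, ...] = ()              # ALL listed bits must be 1 (AND)

    def matches(self, pkt: Packet) -> bool:
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.src_port is not None and not (self.src_port[0] <= pkt.src_port <= self.src_port[1]):
            return False
        if self.dst_port is not None and not (self.dst_port[0] <= pkt.dst_port <= self.dst_port[1]):
            return False
        if self.tcp_flags:
            required = 0
            for name in self.tcp_flags:
                required |= TCP_FLAGS[name]
            # AND semantics: every specified bit has to be set in the packet.
            if pkt.tcp_flags & required != required:
                return False
        return True


def evaluate(conditions: List[Condition], pkt: Packet) -> str:
    """Return the action of the first condition that matches, in list order."""
    for cond in conditions:
        if cond.matches(pkt):
            return cond.action
    return "deny"  # assumption for this example: no match -> deny


# The pair described in the text: two separate permits, then a deny for the rest.
INBOUND_ESTABLISHED_ONLY = [
    Condition("permit", protocol=6, tcp_flags=("ACK",)),
    Condition("permit", protocol=6, tcp_flags=("RST",)),
    Condition("deny", protocol=6),
]

# A tempting but wrong variant: both bits in ONE condition means ACK AND RST.
INBOUND_WRONG_SINGLE_CONDITION = [
    Condition("permit", protocol=6, tcp_flags=("ACK", "RST")),
    Condition("deny", protocol=6),
]

# Constructed sample packets: a new inbound connection attempt, a reply
# segment of an established connection, and a reset.
SYN_ONLY = Packet(protocol=6, src_port=40000, dst_port=22, tcp_flags=TCP_FLAGS["SYN"])
REPLY = Packet(protocol=6, src_port=443, dst_port=40000,
               tcp_flags=TCP_FLAGS["ACK"] | TCP_FLAGS["PSH"])
RESET = Packet(protocol=6, src_port=443, dst_port=40000, tcp_flags=TCP_FLAGS["RST"])

if __name__ == "__main__":
    for name, pkt in (("SYN", SYN_ONLY), ("reply", REPLY), ("reset", RESET)):
        print(f"{name:6s} two-condition pair: {evaluate(INBOUND_ESTABLISHED_ONLY, pkt):6s}"
              f"  single ACK+RST condition: {evaluate(INBOUND_WRONG_SINGLE_CONDITION, pkt)}")
    # Order matters: the same deny placed first shadows both permits.
    print("deny-first:", evaluate([Condition("deny", protocol=6)] + INBOUND_ESTABLISHED_ONLY, REPLY))
```

With the single ACK+RST condition, neither a normal reply (ACK set, RST clear) nor a reset (RST set, ACK clear) is permitted, so established traffic is dropped along with new connections; the two-condition pair permits both and still blocks the bare SYN. Moving the deny above the permits blocks everything, which is the evaluation-order rule in action.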