Create ACE - Extended Window
This window appears when you choose Extended IP and click Create
in the Create ACL window.
Follow these steps to create an ACE for an ACL
of the extended type:
- From the Keyword list, select an action:
  - permit to permit traffic from specified sources
  - deny to deny traffic from those sources
- From the Log list, select a logging option:
  - log to send messages to the console for incoming and
    outgoing packets that match the ACL filtering criteria
  - log input to send messages to the console only for incoming packets
    that match the ACL filtering criteria
  - no logging to send no packet messages to the console
  Restriction: For Catalyst 2950 switches, the logging
  option is not available.
- In the Precedence list, select an option
  that describes the priority that you want to assign to packets that meet the
  filtering criteria.
  Restriction: For Catalyst 2950 switches, the precedence option is not
  available.
- In the Type of Service list, select the
  type of service that you want to assign to packets that meet the filtering
  criteria.
  Restriction: For Catalyst 2950 switches, the type-of-service option
  is not supported.
- Enter an IP address in the Source Address
  field.
- From the Source Wildcard list, select one of these:
  - A mask
  - host, which applies the selected action to only the source address
  - any, which applies the selected action to any source address
  The mask is a wildcard mask: the high-order bits of the mask that are
  binary zeros determine how many corresponding high-order bits in the IP address
  are significant. The selected action applies to any source address with these
  high-order bits.
- In the Protocol list, select a protocol
  that you are associating with this ACE.
  - If you select tcp, udp, icmp, or igmp,
    click Protocol Options. The options window for TCP,
    UDP, ICMP, or IGMP
    appears. When you finish specifying options, you return to the Create
    ACE - Extended window.
  - If the protocol you want is not in the list, select other from
    the list and enter the number of the protocol in the Other Protocol
    field.
  Restriction: For Catalyst 2950 switches, only the IP,
  TCP, and UDP protocols are supported.
- Make a selection in the DSCP list if you
  made no selection in the Precedence or Type of Service lists.
  Restriction: For Catalyst 2950 switches, a DSCP selection is not supported.
- Use the Destination Address field and the
  Destination Wildcard list as you used the Source Address field
  and Source Wildcard list. The only difference is that here you are specifying
  filtering criteria for a destination address.
- Click OK. An ACE for an extended ACL is
  created.
Note: any is equivalent to specifying a source address and
mask of 255.255.255.255. host is equivalent to specifying a mask of 0.0.0.0.
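
The wildcard-mask matching described in the Source Wildcard step, and the host and any equivalences from the Note, as an added Python example that is not part of the original help page. The function names and sample addresses are constructed for illustration; using 0.0.0.0 as the address for any is an assumption, since the address is ignored when every wildcard bit is one.

```python
import ipaddress

def u32(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def ace_matches(packet_ip: str, ace_addr: str, wildcard: str) -> bool:
    """Wildcard bits that are 0 must match the ACE address; bits that are 1 are ignored."""
    care = ~u32(wildcard) & 0xFFFFFFFF
    return (u32(packet_ip) & care) == (u32(ace_addr) & care)

def expand_keyword(keyword: str, addr: str = "0.0.0.0") -> tuple:
    """host and any as (address, wildcard) pairs, following the Note."""
    if keyword == "host":
        return addr, "0.0.0.0"
    if keyword == "any":
        # Assumption: 0.0.0.0 as the address; it is ignored with an all-ones wildcard.
        return "0.0.0.0", "255.255.255.255"
    raise ValueError(f"unknown keyword: {keyword}")

def subnet_mask_to_wildcard(mask: str) -> str:
    """Invert a subnet mask (255.255.255.0) into a wildcard mask (0.0.0.255)."""
    return str(ipaddress.IPv4Address(~u32(mask) & 0xFFFFFFFF))

def looks_like_subnet_mask(wildcard: str) -> bool:
    """Flag leading ones followed by zeros: probably a subnet mask typed as a wildcard."""
    w = u32(wildcard)
    inv = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

if __name__ == "__main__":
    # Constructed sample ACE: source 10.1.2.0 with wildcard 0.0.0.255.
    for ip in ("10.1.2.77", "10.1.3.77"):
        print(ip, "matches" if ace_matches(ip, "10.1.2.0", "0.0.0.255") else "no match")

    # The same ACE with a subnet mask entered in the wildcard field by mistake:
    # only the last octet is compared, so the intended subnet no longer matches
    # and unrelated networks whose last octet is 0 do.
    bad = "255.255.255.0"
    print("suspicious wildcard:", looks_like_subnet_mask(bad))
    print("10.1.2.77   ->", ace_matches("10.1.2.77", "10.1.2.0", bad))
    print("192.168.9.0 ->", ace_matches("192.168.9.0", "10.1.2.0", bad))
    print("intended wildcard:", subnet_mask_to_wildcard(bad))

    # host and any from the Note.
    print(ace_matches("10.1.2.5", *expand_keyword("host", "10.1.2.5")))
    print(ace_matches("203.0.113.9", *expand_keyword("any")))
```

Running the check on a wildcard before clicking OK catches the common slip of entering a subnet mask where the window expects a wildcard mask.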