Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-4
Protocol type fields
Layer-4 fields:
You can specify one UDP source port, destination port, or both
You can specify one UDP source port, destination port, or both
The filtering domain consists of the fields in the packets based on which the packets
are identified and classified when you create an ACE. A filtering domain template is the
definition formed by these fields. For example, when one ACE is generated, you want
to identify and classify messages according to the destination IP field of a message.
When another ACE is generated, you want to identify and classify messages according
to the source IP address field of a message and the source port field of UDP. In this
way, these two ACEs use different filtering domain templates.
Rules refer to the values of the ACE mask. For example, one ACE is:
permit tcp host 192.168.12.2 any eq telnet
In this ACE, the filtering domain template is a collection of the following fields: Source
IP Address Fields, IP Protocol Fields and Destination TCP Port Fields. Corresponding
values (rules) are respectively as follows: Source IP Address=host 192.168.12.2; IP
Protocol=tcp; TCP Destination Port=telnet.
Figure 2 Analysis of the ACE:
permit tcp host 192.168.12.2 any eq telnet
Note
A filtering domain template can be the collection of L3 fields (Layer 3
Field) and L4 fields (Layer 4 Field) or the collection of multiple L2 fields
(Layer 2 Field). However, the filtering domain templates of a standard
and extended ACL cannot be the collection of L2 and L3, L2 and 4, L2
and L3, or L4 fields. To use the combination of L2, L3 and L4 fields, it
is possible to apply the Expert ACLs.