User Guide for the Cisco Application Networking Manager 5.2, OL-26572-01, page 6-80
Chapter 6: Configuring Virtual Contexts
Configuring Security with ACLs

Step 2  In the ACLs table, do one of the following:

• To view full details of an ACL inline, click the plus sign to the left of any table entry.
• To create an ACL, click Add.
• To modify an ACL, choose the radio button to the left of any table entry, and click Edit.
• To delete an ACL, choose the radio button to the left of any table entry, and click Trash.

If you choose create, the New Access List window appears. If you choose modify, the Edit ACL or Edit ACL entry window appears based on the selected radio button to the left of any table entry.

Table 6-17  ACLs Table

Field: Description

Name: Unique identifier for the ACL. Valid entries are unquoted text strings with a maximum of 64 alphanumeric characters.

Type: Identifies the following ACL attributes:
  • ACL type:
    - Extended—Allows you to specify both the source and the destination IP addresses of traffic and the protocol and the action to be taken. For more information see the “Setting Extended ACL Attributes” section on page 6-82.
    - EtherType—This ACL controls network access for non-IP traffic based on its EtherType. An EtherType is a subprotocol identifier. For more information, see the “Setting EtherType ACL Attributes” section on page 6-87.
  • (ACE module and ACE appliance software Version A5(1.0) or later only) IP address type:
    - IPv4—This ACL controls network access for IPv4 traffic.
    - IPv6—This ACL controls network access for IPv6 traffic.

#: ACL line number for extended type ACL entries.

Action: Action to be taken (permit/deny).

Protocol: Protocol number or service object group to apply to this ACL entry.

Source: Source IPv6 or IPv4 address (and source netmask with port number if configured for extended type ACL) or source network object group (if configured) that is being applied to this ACL entry. IPv6 requires ACE module and ACE appliance software Version A5(1.0) or later.

Destination: Destination IPv6 or IPv4 address (and destination netmask with port number if configured for extended type ACL) or destination network object group (if configured) that is applied to this ACL entry. IPv6 requires ACE module and ACE appliance software Version A5(1.0) or later.

ICMP: Whether or not this ACL uses ICMP (Internet Control Message Protocol). For more information, see Table 6-20.

Interface: VLAN interfaces associated with this ACL. For example in24,4033:24out where “in” denotes the input direction and “out” denotes the output direction.

Remark: Comments for this ACL. Valid entries are unquoted text strings with a maximum of 100 characters. You can enter leading spaces at the beginning of the text or special characters. Trailing spaces are ignored.