6-81
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
6






Configuring

Virtual

Contexts
Configuring
Security

with

ACLs
Step
3
Add
or

edit

required

fields

as

described

in
Ta
b

l

e
6-18
.
Note
Fields
and

information

related

to
IPv6
require
ACE
module
and
ACE

appliance
software
Version
A5(1.0)
or

later.
Ta
b

l

e


6-18
ACL
Configuration

Attributes
Field
Description
AC
L


P

r

o

p

e

r

t

i

e

s
Name
Unique
identifier

for

the

ACL.

Valid

entries

are

unquoted

text

strings

with

a

maximum

of

64
alphanumeric
ch

aracters.
Ty
p

e
Type
of

ACL:


Extended—Allows
you
to
specify
both
the

source

and

the

destination
IP

addresses

of
traffic,
the

protocol,

and

the

action

to

be

taken.

For

more

information

see

the

“Setting
Extended
ACL

Attributes”

section

on

page

6-82 .


EtherType—This
ACL

controls

network

access

for

non-IP

traffic
based

on

its

EtherType.
An
EtherType

is

a

subprotocol

identifier.

For

more

information

see

the

“Setting
EtherType
ACL

Attributes”

section

on

page

6-87 .
IP
Address

Type
Field
that

appears

only

for

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later,
which
supports

IPv4

and

IPv6.

Type

of

IP

address:

IPv4

or

IPv6.
Remark
Comments
that

you

want

to

include

for

this

ACL.

Valid

entries

are

unquoted

text

strings

with
a
maximum

of


100

characters.

You

can

enter

l

eading

spaces

at

the

beginning

of

t

he

text

or
special
characters.

Trailing

spaces

are

ignored.
ACL
Entries
Entry
Attributes
Line
number,

action

and

protocol/service

object

group

drop-down

list.

For

information

about
setting
these

attributes,

see

the

“Setting

Extended

ACL

Attributes”

section

on

page

6-82

or


the
“Setting

EtherType

ACL

Attributes”

section

on

page

6-87 .
Source
This
field

contains

the

following

information

for

Extended

ACLs

only:

Source

IPv6

address
and
prefix

length,

IPv4

address

with

port

number

(if

configured)

and

netmask,

or

source
network
object

group

(if

configured)

that

is

being

applied

to

this

ACL

entry.

For

information
about
setting

this

attribute,

see

the

“Setting

Ext

ended

ACL

Attributes”

section

on

pa

ge

6-82 .
IPv6
requires

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later.
Destination
This
field

contains

the

fol

lowing

i

nformation

for

Ext

ended

ACLs

onl

y:

Destination

IPv6
address
and

prefix

length,

IPv4

address

with

port

number

(if

configured)

and

netmask,

or
destination
network

object

group

(if

configured)

that

is

being

applied

to

this

ACL

entry.

For
information
about

setting

this

attribute,

see

the

“Setting

Extended

ACL

Attributes”

section

on
page
6-82 .
IPv6
requires

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later.
A
d

d


To


Ta

b

l

e


b

u

t

t

o

n
Button
to

add

multiple

ACL

entries,

one

at

a

time

before

clicking

Deploy.
Remove
From

Table

but

t

on
Button
to

remove

multiple

ACL

entries,

one

at

a

time

before

clicking

Deploy.


Input/Output
Direction


Currently
Assigned
(ACL:Direction)
Field
that

allows

you

to

associate

the

ACL

with

one

or

more

interfaces

allowing

only

one

input
and
one

output

ACL

for

each

interface.

The

top

left

checkbox

under

the

Interfaces

section
allows
you

to

choose

and

apply

to

all

interfaces

“access-group

input.”