74 CHAPTER 10: MAKING YOUR NETWORK SECURE
A maximum of 32 access lists can be applied under the current operating
system. Access list rules can be applied and traffic is forwarded at wire
speed using layer 3 destination IP addresses and network ports.
How Access Control
List Rules Work
When a packet is received on a port, it is compared against the ACL
bound to that port. If the destination address of the packet lies within the
address range of one of the ACL’s rules then that rule is applied. By
default, if no access list has been defined for a network port, all IP traffic
will be permitted. Denial is based on a pre-defined rule.
For example:
Packet destination IP address: 10.101.67.45
Rule destination address: 10.101.67.0
Rule destination mask: 255.255.255.0
Rule action: deny
As a result of the above rule, the packet matches the parameters of the
rule and will be blocked.
Port Security The Switch 3226 and Switch 3250 support the following port security
modes, which you can set for an individual port or a range of ports:
■ No Security
Port security is disabled and all network traffic is forwarded through
the port without any restrictions.
■ Static
Access will be restricted to MAC addresses that have already
connected to the port. To add a new device, change the security
setting for the port to No Security, connect the device and change the
setting back to Static.
■ Network Login
When the user has been successfully authorized, all network traffic is
forwarded through the port without any restrictions. For further
information see “
What is Network Login?” on page 75.
■ Network Login (Secure)
When the user has been successfully authorized, only network traffic
that is received from the authorized client device is forwarded through
To Next Page
Loading...
