CHAPTER 5: SECURITY APPLICATION
The ACL function supports access control security for MAC address, IP address, Layer 4 port, and Type of Service. Each has five actions: Deny, Permit, Queue Mapping, CoS Marking, and Copy Frame. The user can set the default ACL rule to Permit or Deny.
TABLE 5-1. ACL FUNCTIONS
                    ACTIONS
DEFAULT ACL RULE    DENY    PERMIT    QUEUE MAPPING    COS MARKING    COPY FRAME
Permit              (a)     (b)       (c)              (d)            (e)
Deny                (f)     (g)       (h)              (i)            (j)
Brief descriptions of the table above:
(a): Permit all frames, but deny frames set in an ACL entry.
(b): Permit all frames.
(c): Permit all frames, and do queue mapping of the transmitting frames.
(d): Permit all frames, and change CoS value of the transmitting frames.
(e): Permit all frames, and copy frames set in an ACL entry to a defined GE port.
(f): Deny all frames.
(g): Deny all frames, but permit frames set in an ACL entry.
(h): Deny all frames.
(i): Deny all frames.
(j): Deny all frames, but copy frames set in an ACL entry to a defined GE port.
5.1 CASE 1: ACL FOR MAC ADDRESS
For MAC address ACL, the switch can filter on source MAC address, destination MAC address, or both. When it filters on both MAC addresses, the rule takes effect only for packets that match both. In other words, a packet that matches only one of the two addresses is not filtered. To filter on a MAC address in one direction only, set the other MAC address to all zeroes. Besides MAC address, the switch can additionally filter on VLAN and Ether type, so that the rule takes effect only for a certain VLAN or Ether type under these MAC addresses. If the user doesn't care about VLAN or Ether type, he can just set them to zero values. Following are examples:
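The matching rules above combined with Table 5-1, modelled as an added example (this is not code from the manual or the switch firmware). The class, function and action names and the sample MAC addresses are assumptions made for illustration; queue mapping and CoS marking are modelled only as forward or drop.

```python
from dataclasses import dataclass

ANY_MAC = "00:00:00:00:00:00"   # all-zero MAC = do not filter on this address
ACTIONS = {"deny", "permit", "queue", "cos", "copy"}   # hypothetical action names

@dataclass(frozen=True)
class AclEntry:
    src_mac: str = ANY_MAC
    dst_mac: str = ANY_MAC
    vlan: int = 0               # 0 = any VLAN
    ethertype: int = 0          # 0 = any Ether type

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int
    ethertype: int

def matches(entry: AclEntry, frame: Frame) -> bool:
    """True only when every non-zero field of the entry equals the frame's field."""
    pairs = [
        (entry.src_mac.lower(), frame.src_mac.lower(), ANY_MAC),
        (entry.dst_mac.lower(), frame.dst_mac.lower(), ANY_MAC),
        (entry.vlan, frame.vlan, 0),
        (entry.ethertype, frame.ethertype, 0),
    ]
    return all(want == wildcard or want == got for want, got, wildcard in pairs)

def evaluate(default_rule: str, action: str, entry: AclEntry, frame: Frame):
    """Return (forwarded, copied) following cells (a)-(j) of Table 5-1."""
    if default_rule not in ("permit", "deny") or action not in ACTIONS:
        raise ValueError("unknown default rule or action")
    hit = matches(entry, frame)
    if default_rule == "permit":
        forwarded = not (action == "deny" and hit)   # (a); (b)-(e) forward all
    else:
        forwarded = action == "permit" and hit       # (g); (f), (h)-(j) drop all
    copied = action == "copy" and hit                # (e) and (j): copy to GE port
    return forwarded, copied

if __name__ == "__main__":
    # Constructed sample: deny one source MAC on VLAN 10, default rule Permit.
    entry = AclEntry(src_mac="00:11:22:33:44:55", vlan=10)
    for vlan in (10, 20):
        frame = Frame("00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff", vlan, 0x0800)
        print(vlan, evaluate("permit", "deny", entry, frame))
```

Running it shows why a Deny default with only a Queue Mapping or CoS Marking profile bound passes no traffic at all: cells (h) and (i) drop every frame whether or not the entry matches.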
CASE 1A
The user can set the default ACL Rule of the GE port to “Permit,” then bind a suitable profile with the “deny” action for ACL. This means the GE port passes all packets except those matching the ACL entry of the bound profile.
One directional MAC address with one VLAN deny filtering.
STEP 1: Create a new ACL Profile. (Profile Name: DenySomeMac)