CHAPTER 5: SECURITY APPLICATION
CLI COMMAND
access-list ace 5 next 6 ingress interface GigabitEthernet 1/3 policy 5 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11
exit
monitor destination interface GigabitEthernet 1/5
monitor source cpu both
exit
interface GigabitEthernet 1/3
switchport trunk allowed vlan 4,5
switchport trunk vlan tag native
!
interface GigabitEthernet 1/4
switchport trunk allowed vlan 4,5
switchport trunk vlan tag native
exit
5.2 CASE 2: ACL FOR IP ADDRESS
For IP address ACL, the switch can filter on the source IP address, the destination IP address, or both. It also supports setting an IP range in the ACL. When it filters on both IP addresses, only packets that match both rules take effect. In other words, the ACL does not filter a packet that matches only one of the two rules.
To filter on only one direction's IP address, set the other IP address to all zeros; this means "don't care". In addition to the IP address, the switch also supports Protocol filtering (TCP=6, UDP=17, etc.), so that only the selected Protocol under these IP addresses takes effect. If the user does not care about the Protocol, set this value to zero. For detailed testing, refer to MAC ACL.
5.3 CASE 3: ACL FOR L4 PORT
For Layer 4 port ACL, the switch can filter on (1) source IP address, (2) source L4 port, (3) destination IP address, (4) destination L4 port, and (5) UDP or TCP Protocol. Users can filter on (1) to (4) for all or some specific values, but must select exactly one Protocol, UDP or TCP.
When the switch filters on both directional IP addresses and L4 ports, only packets that match both rules take effect. In other words, the switch does not filter a packet that matches only one of the two rules.
To filter on only one direction's IP address or L4 port, set the other IP address and L4 port to all zeros; this means "don't care". For detailed testing, refer to MAC ACL.
5.4 CASE 4: ACL FOR TOS
For Type of Service (ToS) ACL, the switch can filter on (1) source IP address with ToS type, or (2) destination IP address with ToS type, or (3) both, or (4) neither address (filter on ToS only). When it filters on both IP addresses, only packets that match both rules take effect. In other words, it does not filter a packet that matches only one of the two rules.
To filter on only one direction's IP address, set the other IP address to all zeros; this means "don't care". For detailed testing, refer to Case 1, MAC ACL.
Valid values: Precedence 0–7, ToS 0–15, DSCP 0–63
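The matching rules stated in Cases 2 to 4 (both halves of a two-sided rule must match, an all-zero address or zero port/protocol value means "don't care", an L4-port entry must select TCP or UDP, and the Precedence/ToS/DSCP value ranges) can be checked against a small reference model before committing an ACL to the switch. The Python below is an added illustration, not code from this manual or from the switch firmware. The Packet and IpAce classes, the use of CIDR notation to express an IP range, the first-match evaluation order in first_hit, and the sample addresses are all constructed assumptions for the example; the manual does not describe the switch's internal data structures or its evaluation order.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# Wildcard conventions taken from the manual: an all-zero IP address, a zero
# L4 port and a zero protocol number all mean "don't care".
ANY_IP = "0.0.0.0"
PROTO_TCP, PROTO_UDP = 6, 17


@dataclass(frozen=True)
class Packet:
    """Fields of one IPv4 packet that the ACL cases above can look at (constructed model)."""
    sip: str
    dip: str
    proto: int
    sport: int = 0
    dport: int = 0
    dscp: int = 0  # 6-bit DSCP value (0-63) from the IP header


@dataclass(frozen=True)
class IpAce:
    """One access-control entry; zero / all-zero fields are wildcards (constructed model)."""
    sip: str = ANY_IP           # single host or CIDR range (range syntax is an assumption)
    dip: str = ANY_IP
    proto: int = 0              # 0 = any, 6 = TCP, 17 = UDP
    sport: int = 0              # 0 = any L4 port
    dport: int = 0
    dscp: Optional[int] = None  # None = do not filter on ToS/DSCP


def validate_ace(ace: IpAce) -> List[str]:
    """Return the constraints from Cases 3 and 4 that the entry violates (empty = valid)."""
    errors = []
    if (ace.sport or ace.dport) and ace.proto not in (PROTO_TCP, PROTO_UDP):
        errors.append("an L4-port ACE must select exactly one of TCP or UDP")
    if ace.dscp is not None and not 0 <= ace.dscp <= 63:
        errors.append("DSCP must be 0-63")
    for field in (ace.sip, ace.dip):
        try:
            IPv4Network(field, strict=False)
        except ValueError:
            errors.append(f"bad IPv4 address or range: {field}")
    return errors


def _ip_matches(rule: str, addr: str) -> bool:
    # All-zero rule = don't care; otherwise the address must fall inside the rule's range.
    return rule == ANY_IP or IPv4Address(addr) in IPv4Network(rule, strict=False)


def ace_matches(ace: IpAce, pkt: Packet) -> bool:
    """AND semantics: every non-wildcard field must match, or the entry does not hit."""
    problems = validate_ace(ace)
    if problems:
        raise ValueError("; ".join(problems))
    return (
        _ip_matches(ace.sip, pkt.sip)
        and _ip_matches(ace.dip, pkt.dip)
        and (ace.proto == 0 or ace.proto == pkt.proto)
        and (ace.sport == 0 or ace.sport == pkt.sport)
        and (ace.dport == 0 or ace.dport == pkt.dport)
        and (ace.dscp is None or ace.dscp == pkt.dscp)
    )


def first_hit(acl: List[IpAce], pkt: Packet) -> Optional[int]:
    """Index of the first entry that matches, or None (first-match order is an assumption)."""
    for i, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return i
    return None


def split_tos_byte(tos_byte: int) -> Tuple[int, int, int]:
    """Split the IPv4 ToS/DS byte into (Precedence 0-7, ToS 0-15, DSCP 0-63).

    Precedence is the top 3 bits, DSCP the top 6 bits, and the four RFC 1349
    ToS bits sit between the precedence bits and the last (must-be-zero) bit.
    """
    return (tos_byte >> 5, (tos_byte >> 1) & 0xF, tos_byte >> 2)


# Constructed sample data using documentation address ranges, not a real network.
EXAMPLE_ACE = IpAce(sip="192.0.2.0/24", dip="198.51.100.10", proto=PROTO_TCP, dport=443)
PKT_BOTH = Packet("192.0.2.7", "198.51.100.10", PROTO_TCP, sport=51000, dport=443)
PKT_SRC_ONLY = Packet("192.0.2.7", "203.0.113.5", PROTO_TCP, sport=51000, dport=443)

if __name__ == "__main__":
    print("source and destination match:", ace_matches(EXAMPLE_ACE, PKT_BOTH))
    print("source matches only         :", ace_matches(EXAMPLE_ACE, PKT_SRC_ONLY))
    print("destination wildcarded      :", ace_matches(IpAce(sip="192.0.2.0/24"), PKT_SRC_ONLY))
    print("L4 ACE without TCP/UDP      :", validate_ace(IpAce(dport=80)))
    print("0xB8 -> (prec, tos, dscp)   :", split_tos_byte(0xB8))
```

The second print shows the point the manual makes in all three cases: a packet whose source falls in the rule's range but whose destination does not is left untouched by a two-sided entry, and only wildcarding the destination (third print) makes it hit. The validate_ace check reproduces the Case 3 requirement that an L4-port entry name either TCP or UDP, which is worth enforcing in any tooling that generates ACL configuration for the switch.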