514 Configuring Access Control Lists
Depending on whether an ingress or egress ACL is applied to a port, when the
traffic enters (ingress) or leaves (egress) a port, the ACL compares the criteria
configured in its rules, in order, to the fields in a packet or frame to check for
matching conditions. The ACL forwards or blocks the traffic based on the
rules.
You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4. MAC
ACLs operate on Layer 2. IP ACLs operate on Layers 3 and 4. PowerConnect
8000/8100-series switches
support both IPv4 and IPv6 ACLs.
What Are MAC ACLs?
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the
following fields of a packet:
• Source MAC address
•Source MAC mask
• Destination MAC address
•Destination MAC mask
• VLAN ID
• Class of Service (CoS) (802.1p)
•EtherType
L2 ACLs can apply to one or more interfaces.
Multiple access lists can be applied to a single interface; sequence number
determines the order of execution.
You can assign packets to queues using the assign queue option.
NOTE: Every ACL is terminated by an implicit deny all rule, which covers any
packet not matching a preceding explicit rule.
To Next Page
Loading...
