
Dell PowerConnect B-RX - Filtering Based on Ethertype; Configuration Rules and Notes

BigIron RX Series Configuration Guide 517
53-1002253-01
Chapter 20: Layer 2 ACLs
This chapter describes how to configure and view Layer 2 ACLs.
Layer 2 Access Control Lists (ACLs) filter incoming traffic based on Layer 2 MAC header fields in the
Ethernet/IEEE 802.3 frame. Specifically, Layer 2 ACLs filter incoming traffic based on any of the
following Layer 2 fields in the MAC header:
• Source MAC address and source MAC mask
• Destination MAC address and destination MAC mask
• VLAN ID
• Ethernet type
The Layer 2 ACL feature is unique to Brocade devices and differs from software-based MAC
address filters. MAC address filters use the CPU to filter traffic; therefore, performance is limited by
the CPU’s processing power. Layer 2 ACLs filter traffic at line-rate speed.
Filtering based on ethertype
Layer 2 ACLs can filter traffic based on protocol type. For each Layer 2 ACL etype entry bound to a
port, a CAM entry is written to the corresponding CAM. You can conserve CAM space by configuring
only the Layer 2 ACLs needed. For instance, to filter only IPv4-Len-5 traffic, specify that particular
etype. This results in one CAM entry. Configuration examples are provided in the section
“Configuring Layer 2 ACLs” on page 518.
You can configure Layer 2 ACLs to use the etype argument to filter on the following etypes:
• IPv4-Len-5 (Etype=0x0800, IPv4, HeaderLen 20 bytes)
• ARP (Etype=0x0806, IP ARP)
• IPv6 (Etype=0x86dd, IP version 6)
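The following added example (not from the Brocade guide, and not the device's implementation) models in Python how a clause built from the four Layer 2 fields and the three etypes above would classify a frame, including why an 802.3 LLC/SNAP frame has no etype to compare. The function names, the clause dictionary, the sample frames and the mask convention (1 bits are compared) are assumptions made for illustration.

```python
import struct

ETYPES = {0x0806: "arp", 0x86DD: "ipv6"}    # etype values listed above

def parse_frame(raw: bytes) -> dict:
    """Extract the Layer 2 fields a Layer 2 ACL can filter on."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    vlan, off = None, 14
    if etype == 0x8100:                     # 802.1Q tag: TCI, then the real etype
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", raw[14:18])
        vlan, off = tci & 0x0FFF, 18
    if etype < 0x0600:                      # 802.3 length field: LLC/SNAP frame,
        name = None                         # so there is no etype to compare
    elif etype == 0x0800:
        # IPv4-Len-5: version 4 with IHL 5 (5 x 4 = 20-byte header, no options)
        name = "ipv4-len-5" if raw[off:off + 1] == b"\x45" else None
    else:
        name = ETYPES.get(etype)
    return {"dst": dst, "src": src, "vlan": vlan, "etype": name}

def mac_match(addr: bytes, want: bytes, mask: bytes) -> bool:
    # Assumption: mask bits set to 1 are compared, 0 bits are "don't care".
    return all((a & m) == (w & m) for a, w, m in zip(addr, want, mask))

def clause_matches(clause: dict, frame: dict) -> bool:
    """True when every field the clause specifies matches the frame."""
    return (mac_match(frame["src"], clause["src"], clause["src_mask"])
            and mac_match(frame["dst"], clause["dst"], clause["dst_mask"])
            and clause.get("vlan") in (None, frame["vlan"])
            and clause.get("etype") in (None, frame["etype"]))

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(".", ""))

# Constructed sample data: documentation-range MACs and zero-filled payloads.
HOST, DEV = mac("0000.5e00.5301"), mac("0000.5e00.5302")
IPV4_PLAIN = DEV + HOST + b"\x08\x00" + b"\x45" + bytes(19)
IPV4_OPTS = DEV + HOST + b"\x08\x00" + b"\x46" + bytes(23)
ARP_TAGGED = b"\xff" * 6 + HOST + b"\x81\x00" + struct.pack("!H", 100) + b"\x08\x06" + bytes(28)
SNAP = DEV + HOST + struct.pack("!H", 30) + b"\xaa\xaa\x03" + bytes(27)
CLAUSE = {"src": HOST, "src_mask": mac("ffff.ffff.ffff"), "dst": bytes(6),
          "dst_mask": bytes(6), "vlan": None, "etype": "ipv4-len-5"}
```

In this model an IPv4 frame carrying header options falls outside IPv4-Len-5, so a clause written only for that etype does not cover it.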
Configuration rules and notes
• You cannot bind Layer 2 ACLs and IP ACLs to the same port. However, you can configure one
  port on the device to use Layer 2 ACLs and another port on the same device to use IP ACLs.
• You cannot bind a Layer 2 ACL to a virtual interface.
• The Layer 2 ACL feature cannot perform SNAP and LLC encapsulation type comparisons.
• BigIron RX processes ACLs in hardware.
• You can use Layer 2 ACLs to block management access to the BigIron RX. For example, you can
  use a Layer 2 ACL clause to block a certain host from establishing a connection to the device
  through Telnet.
• You cannot edit or modify an existing Layer 2 ACL clause. If you want to change the clause, you
  must delete it first, then re-enter the new clause.
