CHAPTER 4 | Configuring the Switch
Access Control Lists
– 121 –
◆ The maximum number of ACL rules that can be bound to a port is 10.
◆ ACLs provide frame filtering based on any of the following criteria:
■ Any frame type (based on MAC address, VLAN ID, VLAN priority)
■ Ethernet type (based on Ethernet type value, MAC address, VLAN ID, VLAN priority)
■ ARP (based on ARP/RARP type, request/reply, sender/target IP, hardware address matches ARP/RARP MAC address, ARP/RARP hardware address length matches protocol address length, matches this entry when ARP/RARP hardware address is equal to Ethernet, matches this entry when ARP/RARP protocol address space setting is equal to IP (0x800))
■ IPv4 frames (based on destination MAC address, protocol type, TTL, IP fragment, IP option flag, source/destination IP, VLAN ID, VLAN priority)
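The following Python is an added example, not part of the switch documentation: it shows where the fields named in the criteria above sit in a raw Ethernet frame, which helps when checking a captured frame against a planned ACL rule. The function name, dictionary keys and sample frames are constructed for illustration, and reading "hardware address matches ARP/RARP MAC address" as a comparison of the ARP sender hardware address with the Ethernet source MAC is an assumption.

```python
import struct

def acl_match_fields(frame: bytes) -> dict:
    """Extract the header fields that the ACL criteria refer to (hypothetical helper)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    f = {"dmac": frame[0:6].hex(":"), "smac": frame[6:12].hex(":"),
         "vlan_id": None, "vlan_prio": None, "frame_type": "ethernet_type"}
    etype, off = struct.unpack("!H", frame[12:14])[0], 14
    if etype == 0x8100:                      # 802.1Q tag: PCP(3) DEI(1) VID(12)
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        f["vlan_prio"], f["vlan_id"], off = tci >> 13, tci & 0x0FFF, 18
    f["ethertype"] = etype
    body = frame[off:]
    if etype in (0x0806, 0x8035) and len(body) >= 8:       # ARP / RARP
        htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", body[:8])
        f.update(frame_type="arp", arp_rarp="rarp" if etype == 0x8035 else "arp",
                 opcode=oper,  # ARP: 1 request, 2 reply; RARP: 3 request, 4 reply
                 hw_is_ethernet=(htype == 1), proto_is_ip=(ptype == 0x0800),
                 lengths_ok=(hlen == 6 and plen == 4))
        if f["lengths_ok"] and len(body) >= 28:
            # Assumption: compare ARP sender hardware address with Ethernet source MAC.
            f["sender_hw_matches_smac"] = body[8:14] == frame[6:12]
            f["sender_ip"] = ".".join(map(str, body[14:18]))
            f["target_ip"] = ".".join(map(str, body[24:28]))
    elif etype == 0x0800 and len(body) >= 20:              # IPv4
        ihl = body[0] & 0x0F
        frag = struct.unpack("!H", body[6:8])[0]
        f.update(frame_type="ipv4", ttl=body[8], protocol=body[9],
                 fragment=bool(frag & 0x3FFF),  # MF flag set or offset non-zero
                 ip_options=ihl > 5,            # header longer than 20 bytes
                 sip=".".join(map(str, body[12:16])),
                 dip=".".join(map(str, body[16:20])))
    return f

# Constructed sample frames (not captured traffic).
SMAC = bytes.fromhex("020000000001")
ARP_REQ = (b"\xff" * 6 + SMAC + bytes.fromhex("8100a0640806")
           + bytes.fromhex("0001080006040001") + SMAC + bytes([192, 0, 2, 1])
           + bytes(6) + bytes([192, 0, 2, 2]))
IPV4_FRAG = (bytes.fromhex("020000000002") + SMAC + bytes.fromhex("0800")
             + bytes.fromhex("450000140000200040110000")
             + bytes([192, 0, 2, 1, 192, 0, 2, 2]))

if __name__ == "__main__":
    for sample in (ARP_REQ, IPV4_FRAG):
        print(acl_match_fields(sample))
```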
PARAMETERS
The following options are displayed on the Access Control List Configuration
page:
ACCESS CONTROL LIST CONFIGURATION
◆ Ingress Port - Any port, port identifier, or policy.
◆ Frame Type - The type of frame to match.
◆ Action - Shows whether a frame is permitted or denied when it
matches an ACL rule.
◆ Rate Limiter - Shows if rate limiting will be enabled or disabled when
matching frames are found.
◆ Port Copy - Shows the port to which matching frames are copied.
◆ Logging - Shows if logging of matching frames to the system log is
enabled or disabled.
Open the System Log Information menu (page 148) to view any entries
stored in the system log for this entry. Related entries will be displayed
under the “Info” or “All” logging levels.
◆ Shutdown - Shows if a port is shut down when a matching frame is
found.
◆ Counter - Shows the number of frames which have matched any of the
rules defined for this ACL.