Enterasys C3 Configuration Guide 34-1
34
Configuring Access Control Lists
This chapter describes how to configure and apply router mode Access Control Lists (ACLs). For
information about switch mode Service ACLs, refer to Chapter 35, Configuring Service Access
Control Lists.
About Access Control Lists
Router mode ACLs have been enhanced to include two new types, in addition to the standard and
extended IPv4 types. ACL types are:
• MAC ACLs, which support rules-based source and destination MAC addresses as well as
Ethertype, VLAN tag, and priority tag values. MAC ACLs are uniquely identified by name.
• IPv6 ACLS, which support rules based on protocol, IPv6 source and destination addresses,
layer 4 port, DSCP value, and Flow Label value. IPv6 ACLs are uniquely identified by name.
• Standard IP ACLs, which support standard rules based on source IPv4 address and mask.
Standard IP ACLs are uniquely identified by number.
• Extended IP ACLs, which support extended rules based on protocol, IPv4 source and
destination addresses, layer 4 port, precedence, TOS or DSCP values. Extended IP ACLs are
uniquely identified by number.
ACLs can now be applied to both VLAN interfaces (with the ip access-group command) and to
ports (with the access-list interface command). ACLs are supported on Link Agregation ports.
IPv6 and MAC ACL Considerations
In order to configure IPv6 or MAC ACLs, the switch must be put into access list “ipv6mode” with
the access-list ipv6mode command. By default, this mode is disabled and the rule limits for
standard and extended IPv4 ACLs remain unchanged.
When ipv6mode is disabled, IPv6 and MAC ACLs cannot be configured, and any existing IPv6
and MAC ACLs are removed from the configuration. This new mode cannot be enabled if Policy
is configured on the switch, and Policy configurations will not be accepted when the switch is in
ipv6mode.
When ipv6mode is enabled or disabled, a system reset is required to change the mode. The
configuration of ipv6mode is persistent and is shown in the running configuration.
Router: These commands can be executed when the device is in router mode only. For details
on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on
page 24-2.
To Next Page
Loading...
Need help?
General