Enterasys C3 Configuration Guide 34-1
34
Configuring Access Control Lists
This chapter describes how to configure and apply router mode Access Control Lists (ACLs). For 
information about switch mode Service ACLs, refer to Chapter 35, Configuring Service Access 
Control Lists.
About Access Control Lists
Router mode ACLs have been enhanced to include two new types, in addition to the standard and 
extended IPv4 types. ACL types are:
• MAC ACLs, which support rules based on source and destination MAC addresses as well as 
Ethertype, VLAN tag, and priority tag values. MAC ACLs are uniquely identified by name.
• IPv6 ACLs, which support rules based on protocol, IPv6 source and destination addresses, 
layer 4 port, DSCP value, and Flow Label value. IPv6 ACLs are uniquely identified by name. 
• Standard IP ACLs, which support standard rules based on source IPv4 address and mask. 
Standard IP ACLs are uniquely identified by number. 
• Extended IP ACLs, which support extended rules based on protocol, IPv4 source and 
destination addresses, layer 4 port, precedence, TOS or DSCP values. Extended IP ACLs are 
uniquely identified by number. 
ACLs can now be applied both to VLAN interfaces (with the ip access-group command) and to 
ports (with the access-list interface command). ACLs are supported on Link Aggregation ports. 
IPv6 and MAC ACL Considerations
In order to configure IPv6 or MAC ACLs, the switch must be put into access list “ipv6mode” with 
the access-list ipv6mode command. By default, this mode is disabled and the rule limits for 
standard and extended IPv4 ACLs remain unchanged.
When ipv6mode is disabled, IPv6 and MAC ACLs cannot be configured, and any existing IPv6 
and MAC ACLs are removed from the configuration. This new mode cannot be enabled if Policy 
is configured on the switch, and Policy configurations will not be accepted when the switch is in 
ipv6mode.
Whether ipv6mode is being enabled or disabled, a system reset is required to change the mode. The 
configuration of ipv6mode is persistent and is shown in the running configuration.
Router: These commands can be executed when the device is in router mode only. For details 
on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on 
page 24-2.