Protection from unauthorized access
Basic - L3P, Release 4.0, 11/07
6.6 Access Control Lists (ACL).
You can use Access Control Lists (ACLs) to filter out, forward, divert or prioritize data packets as they are received. The Switch provides
• MAC-based ACLs and
• IP-based ACLs.
The Switch evaluates the ACLs when it receives a packet, i.e. on ingress only; it does not apply them to packets it transmits. This is why the lists are called Ingress ACLs.
The Switch provides the following ACL capabilities:
• Up to 100 ACLs
• Up to 10 rules per ACL
• Up to 100 rules per interface
• Up to 1000 rules on all interfaces combined
• Possible actions:
– permit and deny
– only in combination with permit: assign queue (the packet is placed in the specified queue) and redirect (if the rule applies, the packet is forwarded to the specified interface instead of being forwarded normally).
• "Deny everything" is always the (invisible) final rule. It comes into effect if none of the rules configured on the interface applies to a packet, so such a packet is dropped. As a consequence, an ACL that contains only deny rules blocks all remaining traffic on the interface; if the rest of the traffic is to pass, the list needs an explicit permit rule for it.
The configuration of ACLs consists of the following steps:
• First define the ACL, then
• attach the ACL to one or all interfaces.
You can attach ACLs to all physical ports and to all link aggregation interfaces.
The sequence in which the rules of a list are defined, and the sequence in which these lists are attached to an interface, determine the order in which the rules and lists are evaluated: the first rule that applies to a packet decides how the packet is treated, and later rules and lists are not consulted (see on page 26 "Specifying the sequence of the rules").