Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches 
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch 
Example of ACL Resource Usage 
This example shows how to check the current per-port rule and mask 
availability, create and assign an ACL, and then verify the ACL's effect 
on per-port rule and mask resources. (For more detailed information 
on configuring and applying ACLs, refer to the later sections of this chapter.) 
Viewing the Current Per-Port Rule and Mask Usage 
The show access-list resources command displays the currently available 
per-port rules and masks. 
In the default configuration, there are 120 rules and 8 per-port ACL masks 
available on each port. These masks are reserved for ACLs and IGMP use. 
Figure 10-7. Example of Available Per-Port Rules and ACL Masks 
Standard ACL Using a Subset of the Switch’s Ports.  Suppose that 
ports 1 - 4 on a 3400cl or 6400cl switch belong to the following VLANs: 
■  VLAN 1: 10.10.10.1 
■  VLAN 2: 10.10.11.1 
■  VLAN 3: 10.10.12.1 
(Assume that ports 1-4 are tagged members of VLAN 22, although tagged/ 
untagged ports do not affect ACL operation because ACLs examine all 
inbound traffic, regardless of VLAN membership.) 
The system administrator wants to: 
■  Permit inbound VLAN 1 traffic on all ports 
■  Permit inbound VLAN 2 traffic on ports 1 - 4 from hosts 10.10.10.1-30 
■  Deny inbound VLAN 2 traffic on ports 1 - 4 from hosts 10.10.10.31-255 
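
The host ranges in the requirements above do not fall on power-of-two boundaries, so matching them exactly takes several address/wildcard entries each. The following added example (not from the original manual) counts those entries against the 120 per-port rules quoted earlier and shows what a single covering block would over-match. It prints generic address/wildcard pairs, not switch CLI syntax, and it assumes nothing about how the switch maps entries to rules or masks.

```python
import ipaddress

PER_PORT_RULES = 120  # default per-port rule count quoted on this page


def exact_entries(first, last):
    """Minimal (address, wildcard) pairs matching exactly first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # hostmask has a 1 bit for every "don't care" address bit
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def covering_block(first, last):
    """Smallest single block containing first..last, plus the number of
    addresses it matches that lie outside the intended range."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    prefix = 32 - (a ^ b).bit_length()
    net = ipaddress.ip_network((a, prefix), strict=False)
    return str(net), net.num_addresses - (b - a + 1)


# Host ranges taken from the requirements listed above.
POLICY = [
    ("permit", "10.10.10.1", "10.10.10.30"),
    ("deny", "10.10.10.31", "10.10.10.255"),
]


def report(policy):
    """Return (printable lines, total exact entry count) for a policy."""
    lines, total = [], 0
    for action, first, last in policy:
        entries = exact_entries(first, last)
        total += len(entries)
        block, extra = covering_block(first, last)
        lines.append(f"{action} {first}-{last}: {len(entries)} exact entries, "
                     f"or 1 entry {block} matching {extra} extra address(es)")
        lines += [f"    {action} {addr} {wc}" for addr, wc in entries]
    lines.append(f"{total} exact entries against {PER_PORT_RULES} per-port rules")
    return lines, total


if __name__ == "__main__":
    print("\n".join(report(POLICY)[0]))
```

A covering block saves entries only by matching addresses outside the intended range, so check which hosts those extra addresses are before trading precision for rule count.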