Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there
are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various
situation. In networking, the ACL refers to a list of service ports or network services that are available
on a host or server, each with a list of hosts or servers permitted or denied to use the service. ACL can
generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
ACE is an acronym for Access Control Entry. It describes access permission associated with a particular
ACE ID.
There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and
deny). The ACE also contains many detailed, different parameter options that are available for
individual application.
4.10.1 Access Control List Status
This page shows the ACL status by different ACL users. Each row describes the ACE that is defined. It is
a conflict if a specific ACE is not applied to the hardware due to hardware limitations. The maximum
number of ACEs is 256 on each switch. The Voice VLAN OUI Table screen in Figure 4-10-1 appears.
Figure 4-10-1: ACL Status page screenshot
The page includes the following fields:
Object Description
• User
Indicates the ACL user.
• Ingress Port
Indicates the ingress port of the ACE. Possible values are:
Any: The ACE will match any ingress port.
Policy: The ACE will match ingress ports with a specific policy.
Port: The ACE will match a specific ingress port.
• Frame Type
Indicates the frame type of the ACE. Possible values are:
Any: The ACE will match any frame type.
EType: The ACE will match Ethernet Type frames. Note that an
Ethernet Type based ACE will not get matched by IP and ARP
frames.
To Next Page
Loading...