Configuration \ Security \ Network \ ACL \ Access Control List
Figure 34: Access Control List Configuration
USAGE GUIDELINES
◆ Rules within an ACL are checked in the configured order, from top to bottom. A packet will
be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny
rule. If no rules match, the frame is accepted.
◆ The maximum number of ACL rules that can be configured on the switch is 128.
◆ The maximum number of ACL rules that can be bound to a port is 10.
◆ ACLs provide frame filtering based on any of the following criteria:
■ Any frame type (based on MAC address, VLAN ID, VLAN priority)
■ Ethernet type (based on Ethernet type value, MAC address, VLAN ID, VLAN priority)
■ ARP (based on ARP/RARP type, request/reply, sender/target IP, whether the hardware
address matches the ARP/RARP MAC address, whether the ARP/RARP hardware address length
matches the protocol address length, whether the ARP/RARP hardware address is equal to
Ethernet, and whether the ARP/RARP protocol address space setting is equal to IP (0x800))
■ IPv4 frames (based on destination MAC address, protocol type, TTL, IP fragment, IP
option flag, source/destination IP, VLAN ID, VLAN priority)
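The first-match evaluation and accept-by-default behavior described above, as an added Python model (not code from the switch or its vendor); `Rule`, `evaluate`, `covers` and `shadowed_rules` are hypothetical names, the match fields are a simplified subset, and the frames are constructed samples. It shows that a permit-only list filters nothing unless a catch-all deny rule is placed last, and it flags rules hidden behind an earlier, broader rule.

```python
from dataclasses import dataclass
from typing import Optional

MAX_RULES_PER_PORT = 10  # per-port limit stated on this page

@dataclass
class Rule:  # hypothetical, simplified subset of the match criteria
    action: str                    # "permit" or "deny"
    frame_type: str = "any"        # "any", "etype", "arp" or "ipv4"
    src_ip: Optional[str] = None   # None means wildcard
    vlan_id: Optional[int] = None  # None means wildcard

    def matches(self, frame: dict) -> bool:
        return (self.frame_type in ("any", frame["type"])
                and self.src_ip in (None, frame.get("src_ip"))
                and self.vlan_id in (None, frame.get("vlan_id")))

def evaluate(rules, frame):
    """First match wins; returns (action, deciding rule index or None)."""
    if len(rules) > MAX_RULES_PER_PORT:
        raise ValueError("more than 10 rules bound to one port")
    for i, rule in enumerate(rules):
        if rule.matches(frame):
            return rule.action, i
    return "permit", None  # no rule matched: the frame is accepted

def covers(a: Rule, b: Rule) -> bool:
    """True if every frame matching b also matches a."""
    return (a.frame_type in ("any", b.frame_type)
            and a.src_ip in (None, b.src_ip)
            and a.vlan_id in (None, b.vlan_id))

def shadowed_rules(rules):
    """Indexes of rules that can never decide a frame."""
    return [j for j, r in enumerate(rules)
            if any(covers(rules[i], r) for i in range(j))]

# Constructed sample data
ALLOWED = {"type": "ipv4", "src_ip": "10.0.0.5", "vlan_id": 1}
OTHER = {"type": "ipv4", "src_ip": "10.0.0.99", "vlan_id": 1}
permit_only = [Rule("permit", "ipv4", src_ip="10.0.0.5")]
hardened = permit_only + [Rule("deny")]    # explicit catch-all deny last
misordered = [Rule("deny")] + permit_only  # catch-all placed first

if __name__ == "__main__":
    for name, acl in [("permit_only", permit_only), ("hardened", hardened),
                      ("misordered", misordered)]:
        print(name, evaluate(acl, ALLOWED), evaluate(acl, OTHER), shadowed_rules(acl))
```
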
PARAMETERS
These parameters are displayed:
ACCESS CONTROL LIST CONFIGURATION
◆ Ingress Port – Any port, port identifier, or policy.
◆ Frame Type – The type of frame to match.
◆ Action – Shows whether a frame is permitted or denied when it matches an ACL rule.