136
(QCT) (Interface 0/1-0/20)#port-security
(QCT) (Interface 0/1-0/20)#exit
(QCT) (Config)#exit
3. View IPSG information.
(QCT) #show ip verify source
Interface Filter Type IP Address MAC Address VLAN
----------- ----------- --------------- ----------------- -----
0/1 ip-mac 192.168.3.45 00:1C:23:55:D4:8E 100
0/2 ip-mac 192.168.3.33 00:1C:23:AA:B8:01 100
0/3 ip-mac 192.168.3.18 00:1C:23:55:1B:6E 100
0/4 ip-mac 192.168.3.49 00:1C:23:67:D3:CC 100
--More-- or (q)uit
4.3. ACLs
Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, which provide security
by blocking unauthorized users and allowing authorized users to access specific resources.
ACLs can also provide traffic flow control, restrict contents of routing updates, and decide which types of
traffic are forwarded or blocked. ACLs can reside in a firewall router, a router connecting two internal
networks, or a Layer 3 switch.
QNOS software supports ACL configuration in both the ingress and egress direction. Egress ACLs provide the
capability to implement security rules on the egress flows (traffic leaving a port) rather than the ingress
flows (traffic entering a port). Ingress and egress ACLs can be applied to any physical port, Port-channel, or
VLAN routing port.
Depending on whether an ingress or egress ACL is applied to a port, when the traffic enters (ingress) or leaves
(egress) a port, the ACL compares the criteria configured in its rules, in order, to the fields in a packet or
frame to check for matching conditions. The ACL forwards or blocks the traffic based on the rules.
Note: Every ACL is terminated by an implicit deny all rules, which covers any packet not matching a
preceding explicit rule.
You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4. MAC ACLs operate on Layer 2. IP ACLs
operate on Layers 3 and 4. QNOS
supports
both IPv4 and IPv6 ACLs.
4.3.1. MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet:
ï‚·
Source MAC address
To Next Page
Loading...
Need help?
General