
Supermicro SSE-F3548S - 8 ACL; 8.1 Types of ACLs

Supermicro SSE-F3548S
366 pages
Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide
8 ACL
An ACL (access control list) is used to filter or redirect a particular traffic flow on the switch.
ACLs can be configured to match packets based on Layer 2 MAC, Layer 3, or Layer 4 TCP/UDP parameters.
Every packet entering the switch is checked against the configured ACLs. If the contents of a packet match any of the configured ACLs, that packet is handled according to the action configured for the matched ACL.
The ACL configuration provides the following actions that can be applied to a matched traffic flow: deny, redirect and permit.
Supermicro switches implement ACLs in a hardware ASIC (Application Specific Integrated Circuit) to provide line-rate ACL processing for all incoming traffic.
User-configured ACL rules are programmed into an ACL table in the ASIC. Layer 2 MAC extended ACLs and Layer 3 IP ACLs are implemented in two separate hardware tables, which are TCAM tables in the ASIC.
The ASIC analyzes the first 128 bytes of every received packet and extracts the contents of the key fields in the Layer 2, Layer 3 and Layer 4 headers. It then looks up the ACL tables to find an ACL rule matching the extracted content of the packet. The ASIC compares only the values of the configured fields and treats all other fields as “do not care”. Once a matching ACL is found, the ASIC stops looking in that ACL table.
The ASIC applies the configured action of the matching ACL rule to the matched packet. As a result, the packet may be dropped, redirected to a particular port, or simply allowed to be forwarded through the switch.
Lookups in the Layer 2 and Layer 3 ACL tables happen simultaneously. If a packet matches ACL rules in both the Layer 2 and Layer 3 ACL tables, the actions configured on both ACL rules are applied. In this case, conflicting actions configured in the Layer 2 and Layer 3 ACL tables for the same traffic could lead to unpredictable behavior. Hence, it is suggested to avoid such ACL use cases.
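The lookup behavior described above can be modeled in a few lines to audit a rule set for flows that hit both tables with different actions. This is an added example, not Supermicro code or switch CLI syntax; the rule names, field names, addresses and sample packets are constructed, and it assumes that rules in a table are searched in list order and that any two different matched actions count as a conflict.

```python
# Added illustration (constructed); not Supermicro code or CLI syntax.
# Assumption: rules within a table are searched in list order.

def first_match(table, packet):
    """First rule whose configured fields all equal the packet's values.
    Fields a rule does not configure are "do not care"."""
    for rule in table:
        if all(packet.get(k) == v for k, v in rule["match"].items()):
            return rule  # the search of this table stops here
    return None

def classify(l2_table, l3_table, packet):
    """Look up both tables independently; both matched actions apply."""
    hits = [r for r in (first_match(l2_table, packet),
                        first_match(l3_table, packet)) if r]
    actions = [r["action"] for r in hits]
    # Assumption: two matched rules with different actions are a conflict.
    return {"rules": [r["name"] for r in hits], "actions": actions,
            "conflict": len(set(actions)) > 1}

def conflicting_flows(l2_table, l3_table, packets):
    """Names of sample flows whose Layer 2 and Layer 3 actions disagree."""
    return sorted(name for name, pkt in packets.items()
                  if classify(l2_table, l3_table, pkt)["conflict"])

# Constructed rule tables (hypothetical names and values).
L2_TABLE = [
    {"name": "mac-deny-lab", "match": {"src_mac": "02:00:00:aa:bb:01"}, "action": "deny"},
    {"name": "mac-permit-vlan10", "match": {"vlan": 10}, "action": "permit"},
]
L3_TABLE = [
    {"name": "ip-permit-dns", "action": "permit",
     "match": {"dst_ip": "192.0.2.53", "proto": "udp", "dst_port": 53}},
    {"name": "ip-redirect-web", "match": {"proto": "tcp", "dst_port": 80}, "action": "redirect"},
]
# Constructed sample packets, reduced to the extracted header fields.
PACKETS = {
    "lab-dns": {"src_mac": "02:00:00:aa:bb:01", "vlan": 10,
                "dst_ip": "192.0.2.53", "proto": "udp", "dst_port": 53},
    "user-https": {"src_mac": "02:00:00:aa:bb:02", "vlan": 10,
                   "dst_ip": "198.51.100.7", "proto": "tcp", "dst_port": 443},
    "guest-http": {"src_mac": "02:00:00:aa:bb:03", "vlan": 20,
                   "dst_ip": "198.51.100.7", "proto": "tcp", "dst_port": 80},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, classify(L2_TABLE, L3_TABLE, pkt))
```

The "lab-dns" flow stops at the first Layer 2 rule (deny) and never reaches the VLAN permit rule, while the Layer 3 table independently returns permit, which is the overlap the text recommends avoiding.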
The ACL actions and their effect on matched packets are:
Deny: The switch drops all packets matching this ACL.
Redirect: The switch redirects all packets matching this ACL to any configured redirect port.
Permit: The switch permits all packets matching this ACL.
8.1 Types of ACLs
Supermicro switches support the following three different types of ACLs.
