Chapter 7. Access Control Lists; Summary Of Packet Classifiers - IBM RackSwitch G8000 Application Manual

A top-of-rack (tor) switch

Chapter 7. Access Control Lists

Summary of Packet Classifiers

© Copyright IBM Corp. 2011
Access Control Lists (ACLs) are filters that permit or deny traffic for security
purposes. They can also be used with QoS to classify and segment traffic to provide
different levels of service to different traffic types. Each filter defines the conditions
that must match for inclusion in the filter, and also the actions that are performed
when a match is made.
IBM Networking OS 6.8 supports the following ACLs:
IPv4 ACLs
Up to 512 ACLs are supported for networks that use IPv4 addressing. IPv4 ACLs
are configured using the following ISCLI command path:
RS G8000(config)# access-control list <IPv4 ACL number> ?
IPv6 ACLs
Up to 128 ACLs are supported for networks that use IPv6 addressing. IPv6 ACLs
are configured using the following ISCLI command path:
RS G8000(config)# access-control list6 <IPv6 ACL number> ?
VLAN Maps (VMaps)
Up to 128 VLAN Maps are supported for attaching filters to VLANs rather than
ports. See "VLAN Maps" on page 88 for details.
ACLs allow you to classify packets according to a variety of content in the packet
header (such as the source address, destination address, source port number,
destination port number, and others). Once classified, packet flows can be identified
for more processing.
IPv4 ACLs, IPv6 ACLs, and VMaps allow you to classify packets based on the
following packet attributes:
Ethernet header options (for IPv4 ACLs and VMaps only)
– Source MAC address
– Destination MAC address
– VLAN number and mask
– Ethernet type (ARP, IP, IPv6, MPLS, RARP, etc.)
– Ethernet Priority (the IEEE 802.1p Priority)
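The following is an added example, not code from the manual or from IBM: a small Python model of classifying a frame on the Ethernet header options listed above, where every configured condition must match before the filter's action applies. The class and function names, the sample filters, the 1-512 numbering, the VLAN mask semantics (set bits are compared) and the ascending-number evaluation order are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Optional

MAX_IPV4_ACLS = 512  # limit stated in the manual; numbering from 1 is assumed

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int
    ethertype: int   # 0x0800 IPv4, 0x0806 ARP
    priority: int    # IEEE 802.1p priority, 0-7

@dataclass(frozen=True)
class Acl:
    number: int
    action: str                      # "permit" or "deny"
    src_mac: Optional[str] = None    # None = field is not part of the filter
    dst_mac: Optional[str] = None
    vlan: Optional[int] = None
    vlan_mask: int = 0xFFF           # assumed: set bits are the bits compared
    ethertype: Optional[int] = None
    priority: Optional[int] = None

    def matches(self, f: Frame) -> bool:
        # Every configured condition must match for the frame to be in the filter.
        return all((
            self.src_mac is None or self.src_mac.lower() == f.src_mac.lower(),
            self.dst_mac is None or self.dst_mac.lower() == f.dst_mac.lower(),
            self.vlan is None or ((f.vlan ^ self.vlan) & self.vlan_mask) == 0,
            self.ethertype is None or self.ethertype == f.ethertype,
            self.priority is None or self.priority == f.priority,
        ))

def classify(acls, frame):
    """Return (number, action) of the first matching ACL, or None if none match.
    Evaluation in ascending ACL-number order is an assumption of this model."""
    for acl in sorted(acls, key=lambda a: a.number):
        if not 1 <= acl.number <= MAX_IPV4_ACLS:
            raise ValueError(f"ACL number {acl.number} outside 1-{MAX_IPV4_ACLS}")
        if acl.matches(frame):
            return acl.number, acl.action
    return None

# Constructed sample filters and MAC addresses, not taken from the manual.
ACLS = [
    Acl(30, "deny", priority=7),
    Acl(10, "deny", src_mac="00:11:22:33:44:55", ethertype=0x0806),
    Acl(20, "permit", vlan=16, vlan_mask=0xFF0, ethertype=0x0800),  # VLANs 16-31
]
```

A frame that matches no filter returns None, so the model makes no claim about what the switch does with unclassified traffic.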