Acls - Dell PowerConnect 5548P System User's Manual

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell

ACLs

This section describes Access Control Lists (ACLs), which enable defining
classification actions and rules for specific ingress or egress ports.
It contains the following topics:
• ACL Overview
• MAC-Based ACLs
• MAC-Based ACEs
• IPv4-Based ACLs
• IPv4-Based ACEs
• IPv6-Based ACLs
• IPv6-Based ACEs
ACL Overview
Access Control Lists (ACLs) enable network managers to define classification
actions and rules for specific ingress or egress ports. Packets entering an
ingress or egress port, with an active ACL, are either admitted or denied entry.
If entry is denied, the ingress or egress port may be disabled, for example, a
network administrator defines an ACL rule that states that port number 20
can receive TCP packets, however, if a UDP packet is received, the packet is
dropped.
ACLs are composed of Access Control Entries (ACEs) that are rules that
determine traffic classifications. Each ACE is a single rule, and up to 256
rules may be defined on each ACL, and up to 3000 rules globally.
Rules are not only used for user configuration purposes, they are also used for
features like DHCP Snooping, Protocol Group VLAN and iSCSI, so that not
all 3000 rules are available for ACEs. It is expected that there will be at least
2000 rules available. If there are fewer rules available, this may be due to
DHCP Snooping or iSCSI optimization. Reduce the number of entries in
DHCP Snooping or reduce the max number of TCP connections in the iSCSI
configuration in order to free rules for ACEs.
The following types of ACLs can be defined:
• MAC-based ACL — Examines Layer 2 fields only
• IPv4-based ACL —Examines the Layer 3 layer of IPv4 frames
D E L L C O N F I D E N T I A L – P R E L I M I N A R Y 9 / 1 1 / 1 2 - F O R P R O O F O N LY
Contax\CxU_Switching_NetworkSecurity.fm
Dell PowerConnect 55xx Systems User Guide
103