Chapter 17 Security Management; Layer 2 Access Control List Management; Fabric Os Layer 2 Acl Configuration - Brocade Communications Systems StoreFabric SN6500B User Manual
Brocade network advisor san user manual v12.0.0 (53-1002696-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- Command reference manual (1168 pages) ,
- Reference (934 pages) ,
- Reference manual (370 pages)
Table of Contents
Advertisement
Security Management
In this chapter
Layer 2 access control list management
A Layer 2 access control list (ACL) enables you to filter traffic based on the information in the IP
packet header using the MAC address and Ethernet type.
NOTE
Layer 2 ACLs can filter traffic for both Fabric OS and IronWare FCoE devices.
An ACL is a unique collection of permit and deny statements (rules) that apply to frames. You can
use ACLs to permit or deny incoming frames from passing through an interface to which you
assigned the ACLs. When the interface receives the frame, the device compares the fields in the
frame against any ACLs assigned to the interface to verify that the frame has the required
permissions to be forwarded. The device compares the frame, sequentially, against each rule in the
assigned ACL. If the frame matches the permit rule, the traffic is forwarded; otherwise, the traffic is
dropped.
You should configure the ACL on the device before you assign the ACL to an interface. You can
create multiple ACLs and save them to the device configuration. However, the ACL does not filter
traffic until you assign it to an interface. You can assign an ACL on a physical port, Virtual LAN
(VLAN), or Link Aggregation Group (LAG).
For Fabric OS devices, you can create two types of ACLs:
•
•
Fabric OS Layer 2 ACL configuration
This section provides procedures for configuring a standard for extended Layer 2 ACL on a device,
assigning the Layer 2 ACL to an interface, as well as clearing Layer 2 ACL assignments from a
device.
Brocade Network Advisor SAN User Manual
53-1002696-01
•
Layer 2 access control list management . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
•
Security configuration deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Standard ACL — Use to permit and deny traffic based on the source MAC address of incoming
frames. You should use standard ACLs when you only need to filter traffic based on the source
address.
Extended ACL — Use to permit and deny traffic based on the source and destination MAC
addresses and EtherType, of incoming frames.
Chapter
17
489
- Quick Links:
- Viewing Port Status
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
