Table of Contents
Advertisement
A
C
L
CCESS
ONTROL
Figure 170: Showing the SSH User's Public Key
ISTS
Access Control Lists (ACL) provide packet filtering for IPv4 frames (based
on address, protocol, Layer 4 protocol port number or TCP control code), or
any frames (based on MAC address or Ethernet type). To filter incoming
packets, first create an access list, add the required rules, and then bind
the list to a specific port.
Configuring Access Control Lists –
An ACL is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. This switch tests
ingress packets against the conditions in an ACL one by one. A packet will
be accepted as soon as it matches a permit rule, or dropped as soon as it
matches a deny rule. If no rules match, the packet is accepted.
C
U
OMMAND
SAGE
The following restrictions apply to ACLs:
The maximum number of ACLs is 64.
◆
The maximum number of rules per system is 512 rules.
◆
An ACL can have up to 32 rules. However, due to resource restrictions,
◆
the average number of rules bound to the ports should not exceed 20.
The maximum number of rules that can be bound to the ports is 64 for
◆
each of the following list types: MAC ACLs, IP ACLs (including Standard
and Extended ACLs), IPv6 Standard ACLs, and IPv6 Extended ACLs.
The maximum number of rules (Access Control Entries, or ACEs) stated
above is the worst case scenario. In practice, the switch compresses
the ACEs in TCAM (a hardware table used to store ACEs), but the actual
maximum number of ACEs possible depends on too many factors to be
precisely determined. It depends on the amount of hardware resources
reserved at runtime for this purpose.
– 317 –
| Security Measures
C
13
HAPTER
Access Control Lists
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
