Acl Commands - Dell N1100-ON Reference Manual

ACL Commands

Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches
Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria. Rules within an ACL are evaluated sequentially, and evaluation stops at the first rule that matches. An implicit deny-all rule is added after the end of the last configured access group, so traffic that matches no configured rule is dropped. ACLs can help ensure that only authorized users have access to specific resources while blocking out any unwarranted attempts to reach network resources.

ACLs may be used to restrict the contents of routing updates, decide which types of traffic are forwarded or blocked and, above all, provide security for the network. ACLs are normally used in firewall routers that are positioned between the internal network and an external network, such as the Internet. They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network.

The Dell EMC Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique EtherType value; thus, all IPv4 and IPv6 classifiers implicitly include the EtherType field.

Multiple ACLs per interface are supported. The ACLs can be a combination of Layer 2 and/or Layer 3/4 ACLs. ACL assignment is appropriate for both Ethernet ports and LAGs. ACLs can also be time based. The maximum number of ACLs and rules supported depends on the resources consumed by other processes and configured features running on the switch.
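An added example, not from the Dell manual, that models the evaluation semantics described above: rules are checked in order, the first match decides, and the implicit deny-all applies only when no configured rule matched. The rule fields, the sample ACL and the packet values are constructed for illustration; the EtherType check is built into every IPv4/IPv6 rule, as the text notes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# EtherType values that distinguish IPv4 and IPv6 frames; every IPv4/IPv6
# classifier implicitly tests this field.
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    ethertype: int               # implicit EtherType match
    src: str                     # source prefix in CIDR form
    proto: Optional[str] = None  # "tcp"/"udp", or None for any
    dport: Optional[int] = None  # destination port, or None for any

@dataclass
class Packet:
    ethertype: int
    src: str
    proto: str
    dport: int

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """All specified fields of a rule must match; unspecified fields match anything."""
    if rule.ethertype != pkt.ethertype:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    return rule.dport is None or rule.dport == pkt.dport

def evaluate(acl: list, pkt: Packet) -> tuple:
    """Sequential first-match evaluation. Returns (action, rule index);
    index None means the implicit deny-all at the end of the list fired."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None

# Constructed sample ACL (hypothetical): SSH only from a management prefix,
# HTTPS from any IPv4 source; everything else, including all IPv6, falls through.
MGMT_ACL = [
    Rule("permit", ETHERTYPE_IPV4, "10.1.0.0/16", "tcp", 22),
    Rule("deny", ETHERTYPE_IPV4, "10.0.0.0/8", "tcp", 22),
    Rule("permit", ETHERTYPE_IPV4, "0.0.0.0/0", "tcp", 443),
]
```

Swapping the first two rules makes the broader deny shadow the management permit, which is the ordering mistake first-match evaluation makes easy.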
ACL Logging
Access list rules are monitored in hardware to either permit or deny traffic
matching a particular classification pattern, but the network administrator
currently has no insight as to which rules are being hit. Dell EMC Networking
platforms have the ability to count the number of hits for a particular
Layer 2 Switching Commands