Table of Contents
Advertisement
Defining Access
Control Lists
Access Control Lists (ACL) allow network managers to define classifi-
cation actions and rules for specific ingress ports. Packets entering an
ingress port, with an active ACL are either admitted or denied entry. If
they are denied entry, the port can be disabled.
For example, an ACL rule is defined states that port number 20 can
receive TCP packets, however, if a UDP packet is received, the packet is
dropped. ACLs are composed of access control entries (ACEs) that are
made of the filters that determine traffic classifications.
The following are examples of filters that can be defined as ACEs:
Source Port IP Address and Wildcard Mask — Filters the packets
by the Source port IP address and wildcard mask.
Destination Port IP Address and Wildcard Mask — Filters the
packets by the Source port IP address and wildcard mask.
ACE Priority — Filters the packets by the ACE priority.
Protocol — Filters the packets by the IP protocol.
DSCP — Filters the packets by the DiffServ Code Point (DSCP)
value.
IP Precedence — Filters the packets by the IP Precedence.
Action — Indicates the action assigned to the packet matching
the ACL. Packets are forwarded or dropped.
This section includes the following topics:
Viewing MAC Based ACLs
Configuring MAC Based ACLs
Removing MAC Based ACLs
Viewing IP Based ACLs
Defining IP Based ACLs
Modifying IP Based ACLs
Removing IP Based ACLs
Viewing ACL Binding
Configuring ACL Binding
Removing ACL Binding
C
4: M
D
HAPTER
ANAGING
EVICE
S
ECURITY
Hide quick links:
Advertisement
Table of Contents
