Chapter 8 Configuring Acls Using The Cee Cli; In This Chapter; Acl Overview - Brocade Communications Systems 1606 Administrator's Manual

Converged enhanced ethernet administrator's guide v6.4.0 (53-1001761-01, june 2010)

Hide thumbs Also See for 1606:

Command reference manual (988 pages)

Reference (792 pages)

Administrator's manual (592 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

Table of Contents

Configuring ACLs using the CEE CLI

In this chapter

ACL overview

NOTE

In the Brocade Fabric OS v6.4.0 release, only Layer 2 MAC access control lists (ACLs) are supported.

ACLs filter traffic for the Brocade FCoE hardware and permit or deny incoming frames from passing

through interfaces that have the ACLs applied to them. You can apply ACLs on VLANs and on Layer

2 interfaces. Each ACL is a unique collection of permit and deny statements (rules) that apply to

frames. When a frame is received on an interface, the switch compares the fields in the frame

against any ACLs applied to the interface to verify that the frame has the required permissions to

be forwarded. The switch compares the frame, sequentially, against each rule in the ACL and either

forwards the frame or drops the frame.

The switch examines ACLs associated with options configured on a given interface. As frames enter

the switch on an interface, ACLs associated with all inbound options configured on that interface

are examined. With MAC ACLs you can identify and filter traffic based on the MAC address, and

EtherType.

The primary benefits of ACLs are as follows:

•

There are two types of MAC ACLs:

•

MAC ACLs are supported on the following interface types:

•

Converged Enhanced Ethernet Administrator's Guide

53-1001761-01

DRAFT: BROCADE CONFIDENTIAL

•

ACL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

•

Default ACL configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

•

ACL configuration guidelines and restrictions . . . . . . . . . . . . . . . . . . . . . . . . 86

•

ACL configuration and management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Provide a measure of security.

Save network resources by reducing traffic.

Block unwanted traffic or users.

Reduce the chance of denial of service (DOS) attacks.

Standard ACLs—Permit and deny traffic according to the source MAC address in the incoming

frame. Use standard MAC ACLs if you only need to filter traffic based on source addresses.

Extended ACLs—Permit and deny traffic according to the source and destination MAC

addresses in the incoming frame, as well as EtherType.

Physical interfaces

Logical interfaces (LAGs)

Chapter

Table of Contents

This manual is also suitable for:

Am866a - storageworks 8/8 base san switch 8/24 8/40 8/8 8/80 Storageworks 4400 - enterprise virtual array

Chapter 8 Configuring Acls Using The Cee Cli; In This Chapter; Acl Overview - Brocade Communications Systems 1606 Administrator's Manual

In this chapter

ACL overview

Related Manuals for Brocade Communications Systems 1606

Related Content for Brocade Communications Systems 1606

This manual is also suitable for:

Table of Contents