Access Control Lists (ACLs); Overview - Dell PowerConnect M6348 Configuration Manual

Configuration guide
Filter-id = "internet_access"
3 The DiffServ policy specified in the attribute must already be configured on the switch, and the policy names must be identical.

For information about configuring a DiffServ policy, see "Differentiated Services" on page 137. The section "Example #1: DiffServ Inbound Configuration" on page 138 describes how to configure a policy named internet_access.

NOTE: If the policy specified within the server attribute does not exist on the switch, authentication will fail.

Access Control Lists (ACLs)

This section describes the Access Control Lists (ACLs) feature.

Overview

Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources. ACLs can also provide traffic flow control, restrict contents of routing updates, and decide which types of traffic are forwarded or blocked. Normally ACLs reside in a firewall router or in a router connecting two internal networks.

The PowerConnect M6220/M6348/M8024 switches support ACL configuration in both the ingress and egress direction. Egress ACLs provide the capability to implement security rules on the egress flows rather than the ingress flows. On the M6348 and M8024 switches, ingress and egress ACLs can be applied to any physical port (including 10G), port-channel, or VLAN routing port. On the M6220, egress ACLs may only be applied to physical ports and may only be IPv4 ACLs (not MAC or IPv6 ACLs).

Ingress ACLs support Flow-based Mirroring and ACL Logging, which have the following characteristics:

Flow-based mirroring is the ability to mirror traffic that matches a permit rule to a specific physical port or LAG. Flow-based mirroring is similar to the redirect function, except that in flow-based mirroring a copy of the permitted traffic is delivered to the mirror interface while the packet itself is forwarded normally through the device. You cannot configure a given ACL rule with both mirror and redirect attributes.

ACL Logging provides a means for counting the number of "hits" against an ACL rule. When you configure ACL Logging, you augment the ACL deny rule specification with a "log" parameter that enables hardware hit count collection and reporting. The switch uses a fixed five minute logging interval, at which time trap log entries are written for each ACL logging rule that accumulated a non-zero hit count during that interval. You cannot configure the logging interval.

Using ACLs to mirror traffic is called flow-based mirroring since the traffic flow is defined by the ACL classification rules. This is in contrast to port mirroring, where all traffic encountered on a specific interface is replicated on another interface.

You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4. MAC ACLs operate on Layer 2. IP ACLs operate on Layers 3 and 4.
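As an added illustration of the rule semantics described in this overview (an ordered list of permit and deny rules where the first match decides, a mirror copy on permit rules that cannot be combined with redirect, and hit counting on deny rules carrying "log" that is reported once per logging interval), the following Python model was written for this page; it is not Dell switch code and does not reproduce the switch CLI. The interface name Gi1/0/24, the sample addresses and the implicit deny when no rule matches are assumptions of the example, not statements from the manual.

```python
"""Toy model of ingress IP ACL processing (constructed example, not switch code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    """One ACL rule; only IP (Layer 3/4) match fields are modelled."""
    action: str                      # "permit" or "deny"
    src: str = "any"                 # source CIDR or "any"
    dst: str = "any"                 # destination CIDR or "any"
    proto: Optional[str] = None      # "tcp"/"udp"/"icmp"; None matches any
    dport: Optional[int] = None      # destination port; None matches any
    log: bool = False                # hit counting; deny rules only
    mirror: Optional[str] = None     # copy matching traffic to this interface
    redirect: Optional[str] = None   # send matching traffic to this interface
    hits: int = 0                    # hit count since the last interval report

    def __post_init__(self) -> None:
        # Constraints stated in the overview: mirror and redirect are exclusive,
        # "log" is a deny-rule parameter, mirroring applies to permitted traffic.
        if self.mirror and self.redirect:
            raise ValueError("mirror and redirect cannot both be set on one rule")
        if self.log and self.action != "deny":
            raise ValueError("log applies to deny rules only")
        if self.mirror and self.action != "permit":
            raise ValueError("mirror applies to permit rules only")

    def matches(self, pkt: Dict) -> bool:
        if self.src != "any" and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


class Acl:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def evaluate(self, pkt: Dict) -> Tuple[str, Optional[str], Optional[str]]:
        """First matching rule wins. Returns (action, mirror_port, redirect_port)."""
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.log:
                    rule.hits += 1
                return rule.action, rule.mirror, rule.redirect
        # Assumption of this example: no match means the packet is denied.
        return "deny", None, None

    def log_interval_report(self) -> Dict[int, int]:
        """Emulate the end of a logging interval: return non-zero hit counts
        for logged rules (keyed by 1-based rule position) and reset them."""
        report: Dict[int, int] = {}
        for idx, rule in enumerate(self.rules, start=1):
            if rule.log and rule.hits:
                report[idx] = rule.hits
                rule.hits = 0
        return report


def build_acl() -> Acl:
    # Constructed policy: mirror permitted web traffic from the LAN to a monitor
    # port, deny and count Telnet from anywhere, permit the rest of the LAN.
    return Acl([
        Rule("permit", src="10.1.0.0/16", proto="tcp", dport=80, mirror="Gi1/0/24"),
        Rule("deny", proto="tcp", dport=23, log=True),
        Rule("permit", src="10.1.0.0/16"),
    ])


def run_sample() -> Tuple[List[Tuple[str, Optional[str], Optional[str]]], Dict[int, int]]:
    acl = build_acl()
    packets = [  # constructed sample traffic
        {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": "tcp", "dport": 80},
        {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": "tcp", "dport": 23},
        {"src": "192.0.2.7", "dst": "10.1.2.3", "proto": "tcp", "dport": 23},
        {"src": "10.1.9.9", "dst": "203.0.113.10", "proto": "udp", "dport": 53},
        {"src": "192.0.2.7", "dst": "10.1.2.3", "proto": "udp", "dport": 53},
    ]
    decisions = [acl.evaluate(p) for p in packets]
    return decisions, acl.log_interval_report()


if __name__ == "__main__":
    decisions, report = run_sample()
    for d in decisions:
        print(d)
    print("interval report (rule -> hits):", report)
```

Running the sample shows the first packet permitted with a copy sent to the mirror interface while the decision itself is still "permit", both Telnet packets denied and counted against rule 2 (reported as two hits, after which the counter is cleared for the next interval), and the final packet denied because no rule matched it.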
106
Device Security