Table of Contents
Advertisement
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Configuring IP Access Control Lists
Cisco MDS 9000 Family switches can route IP traffic between Ethernet and Fibre Channel interfaces.
The IP static routing feature is used to route traffic between VSANs. To do so, each VSAN must be in a
different IP subnetwork. Each Cisco MDS 9000 Family switch provides the following services for
network management systems (NMS):
•
•
•
Switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP)
features. VRRP is a restartable application that provides a redundant, alternate path to the gateway
switch.
This chapter includes the following sections:
•
IP Access Control Lists
IP Access Control Lists (IP-ACLs) provide basic network security to all switches in the Cisco MDS 9000
Family. IP-ACLs restrict IP-related traffic based on the configured IP filters. A filter contains the rules
to match an IP packet, and if the packet matches, the rule also stipulates if the packet should be permitted
or denied.
Each switch in the Cisco MDS 9000 Family can have a maximum total of 128 IP-ACLs, each IP-ACL
can have a maximum of 256 filters.
OL-6973-03, Cisco MDS SAN-OS Release 2.x
IP forwarding on the out-of-band Ethernet interface (mgmt0) on the front panel of the supervisor
modules.
IP forwarding or in-band Fibre Channel interface using the IP over Fibre Channel (IPFC)
function—IPFC specifies how IP frames can be transported over Fibre Channel using encapsulation
techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the
Fibre Channel network without using an overlay Ethernet network.
IP routing (default routing and static routing)—If your configuration does not need an external
router, you can configure a default route using static routing.
IP Access Control Lists, page 29-1
C H A P T E R
Cisco MDS 9000 Family Configuration Guide
29
29-1
Advertisement
Table of Contents
