MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a
frame (which of them are available depends on the platform):
• Source MAC address with mask.
• Destination MAC address with mask.
• VLAN ID (or range of IDs).
• Class of Service (CoS) (802.1p).
• EtherType.
• Secondary CoS (802.1p), that is, the priority in the inner 802.1Q tag of a double-tagged frame.
• Secondary VLAN ID (or range of IDs), the inner tag of a double-tagged frame.
The following also apply to MAC ACLs:
• An L2 ACL can be applied to one or more interfaces.
• Multiple access lists can be applied to a single interface; the sequence number assigned at
binding time determines the order in which they are evaluated.
• You cannot configure a MAC ACL and an IP ACL on the same interface.
• You can assign matching packets to a queue using the assign queue option.
• You can redirect matching packets to another port using the redirect option.
IP ACLs
IP ACLs classify traffic at Layer 3 (and on Layer 4 port numbers). Each ACL is a set of up to
10 rules applied to inbound traffic. Each rule specifies whether a packet whose fields match the
rule's criteria is permitted or denied, and can match on one or more of the following fields:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• ToS byte
• Protocol number
Note that the order of the rules is important: when a packet matches more than one rule, the
first matching rule in the list takes effect and later rules are not evaluated. Also, once an
ACL is applied to a port, there is an implicit deny at the end of the list: any traffic not
specifically permitted by a rule is dropped, so an ACL that contains only deny rules blocks all
inbound traffic on that port.
ACL Configuration
To configure ACLs:
1. Create an ACL by specifying a name (MAC ACL) or a number (IP ACL).
2. Add new rules to the ACL.
3. Configure the match criteria for the rules.
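The following is an added illustration, not NETGEAR code or the switch's own implementation: a small Python model of the IP ACL semantics described above (first matching rule wins, implicit deny once any ACL is bound to a port, at most 10 rules per ACL, several ACLs on one interface evaluated in sequence order). It walks the three configuration steps in code and then shows why rule order matters: the same two rules produce a working SSH allow-list in one order and block everything in the other. The class names, the CIDR form of the address match (the switch uses address plus mask), the port name 1/0/5 and the sample packets are assumptions made for the example.

```python
"""First-match ACL evaluator modelling the IP ACL semantics described on the page.
Added example, not NETGEAR code: class names, CIDR matching, port 1/0/5 and the
sample packets are assumptions chosen for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_RULES = 10  # the page states each IP ACL holds up to 10 rules


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int            # IP protocol number (6 = TCP, 17 = UDP, 1 = ICMP)
    sport: int = 0
    dport: int = 0
    tos: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # CIDR prefix; 0.0.0.0/0 stands for "any"
    dst: str = "0.0.0.0/0"
    proto: Optional[int] = None      # None matches any value for that field
    sport: Optional[int] = None
    dport: Optional[int] = None
    tos: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """A rule matches only when every criterion it specifies matches."""
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        for want, have in ((self.proto, p.proto), (self.sport, p.sport),
                           (self.dport, p.dport), (self.tos, p.tos)):
            if want is not None and want != have:
                return False
        return True


class IpAcl:
    """Step 1: create the ACL by number; steps 2 and 3: add rules with criteria."""
    def __init__(self, number: int):
        self.number = number
        self.rules: List[Rule] = []

    def add_rule(self, rule: Rule) -> "IpAcl":
        if rule.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if len(self.rules) >= MAX_RULES:
            raise ValueError(f"ACL {self.number} already holds {MAX_RULES} rules")
        self.rules.append(rule)
        return self


class Interface:
    """Inbound ACLs bound to a port, evaluated in ascending sequence number."""
    def __init__(self, name: str):
        self.name = name
        self.bindings: List[Tuple[int, IpAcl]] = []

    def apply(self, acl: IpAcl, sequence: int) -> None:
        self.bindings.append((sequence, acl))
        self.bindings.sort(key=lambda b: b[0])

    def evaluate(self, p: Packet) -> Tuple[str, Optional[Tuple[int, int]]]:
        """First matching rule wins; returns (action, (ACL number, rule index)).
        With at least one ACL bound, a packet matching nothing is denied."""
        for _, acl in self.bindings:
            for i, rule in enumerate(acl.rules):
                if rule.matches(p):
                    return rule.action, (acl.number, i)
        return "deny", None          # implicit deny at the end of the list


def unreachable_rules(iface: Interface, samples: List[Packet]) -> List[Tuple[int, int]]:
    """Rules that decide none of the sample packets: a cheap check for shadowing."""
    hit = {iface.evaluate(p)[1] for p in samples}
    return [(acl.number, i) for _, acl in iface.bindings
            for i in range(len(acl.rules)) if (acl.number, i) not in hit]


# Constructed sample traffic for the example (not captured data).
SSH_FROM_MGMT = Packet("10.1.1.5", "10.1.1.254", 6, sport=40000, dport=22)
SSH_FROM_GUEST = Packet("192.168.50.9", "10.1.1.254", 6, sport=40001, dport=22)
DNS_FROM_MGMT = Packet("10.1.1.5", "10.1.1.254", 17, sport=53000, dport=53)
SAMPLES = [SSH_FROM_MGMT, SSH_FROM_GUEST, DNS_FROM_MGMT]


def build_interface(deny_first: bool) -> Interface:
    """Same two rules either way; only their order differs."""
    permit_ssh = Rule("permit", src="10.1.1.0/24", proto=6, dport=22)
    deny_all = Rule("deny")
    acl = IpAcl(101)
    for r in ([deny_all, permit_ssh] if deny_first else [permit_ssh, deny_all]):
        acl.add_rule(r)
    iface = Interface("1/0/5")
    iface.apply(acl, sequence=1)
    return iface


if __name__ == "__main__":
    for deny_first in (False, True):
        iface = build_interface(deny_first)
        print("deny first" if deny_first else "permit first",
              [iface.evaluate(p)[0] for p in SAMPLES],
              "unreachable:", unreachable_rules(iface, SAMPLES))
```

With the permit rule first, SSH from the management subnet is permitted and everything else falls through to the explicit deny; with the deny rule first, every packet hits it and the permit rule is reported as unreachable. The explicit `deny` at the end of the working list is redundant with the implicit deny but makes the intent visible when the configuration is reviewed.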
Chapter 10. ACLs
ProSafe Managed Switch