Table of Contents
Advertisement
82
C
4: M
HAPTER
ANAGING
Defining Access
Control Lists
D
S
EVICE
ECURITY
Access Control Lists (ACLs) allow network managers to define
classification actions and rules for specific ingress ports. Packets entering
an ingress port, with an active ACL are either admitted or denied entry.
For example, an ACL rule states that port number 20 can receive TCP
packets, however, if a UDP packet is received, the packet will be dropped.
ACLs are composed of access control entries (ACEs) that are made of the
filters that determine traffic classifications.
The following are examples of filters that can be defined as ACEs:
Source Port IP Address and Wildcard Mask — Filters packets by
■
the source port IP address and wildcard mask.
Destination Port IP Address and Wildcard Mask — Filters packets
■
by the destination port IP address and wildcard mask.
Protocol — Filters packets by the IP protocol.
■
DSCP — Filters packets by the DiffServ Code Point (DSCP) value.
■
IP Precedence — Filters packets by the IP Precedence.
■
Action — Indicates the action assigned to the packet matching the
■
ACL. Packets are forwarded or dropped.
This section includes the following topics:
Viewing MAC Based ACLs
■
Configuring MAC Based ACLs
■
Removing MAC Based ACLs
■
Viewing IP Based ACLs
■
Defining IP Based ACLs
■
Removing IP Based ACLs
■
Viewing ACL Binding
■
Configuring ACL Binding
■
Removing ACL Binding
■
Hide quick links:
Advertisement
Table of Contents
