Configuring Layer 2 ACLs; Creating a Layer 2 ACL Table - Dell PowerConnect B-RX Configuration Manual

BigIron RX Series Configuration Guide v02.7.02
Configuring Layer 2 ACLs
Configuring a Layer 2 ACL is similar to configuring standard and extended ACLs. Layer 2 ACL table
IDs range from 400 to 499, for a maximum of 100 configurable Layer 2 ACL tables. Within each
Layer 2 ACL table, you can configure from 64 (default) to 256 clauses. Each clause or entry can
define a set of Layer 2 parameters for filtering. Once you completely define a Layer 2 ACL table, you
must bind it to the interface for filtering to take effect.
The device evaluates traffic coming into the port against each ACL clause in order. When a match
occurs, the device takes the action specified for that clause, either forwarding or dropping the
traffic, and does not evaluate the traffic against any subsequent clauses.
By default, if the traffic does not match any of the clauses in the ACL table, the device drops the
traffic. To override this behavior, specify a "permit any any..." clause at the end of the table to
match and forward all traffic not matched by the previous clauses.
NOTE
Use precaution when placing entries within the ACL table. The Layer 2 ACL feature does not attempt
to resolve conflicts and assumes you know what you are doing.

Creating a Layer 2 ACL table

You create a Layer 2 ACL table by defining a Layer 2 ACL clause.
To create a Layer 2 ACL table, enter commands (clauses) such as the following at the Global
CONFIG level of the CLI. Note that you can add additional clauses to the ACL table at any time by
entering the command with the same table ID and different MAC parameters.
BigIron RX(config)# access-list 400 deny any any any etype arp
BigIron RX(config)# access-list 400 deny any any any etype ipv6
BigIron RX(config)# access-list 400 permit any any 100
This configuration creates a Layer 2 ACL with an ID of 400. When applied to an interface, this Layer
2 ACL table will deny all ARP and IPv6 traffic, and permit all other traffic in VLAN 100.
For more examples of valid Layer 2 ACL clauses, refer to "Example Layer 2 ACL clauses" on
page 507.
Syntax: [no] access-list <num> permit | deny <src-mac> <mask> | any <dest-mac> <mask> | any
[<vlan-id> | any [etype <etype-str>] [log-enable]]
The <num> parameter specifies the Layer 2 ACL table that the clause belongs to. The table ID can
range from 400 to 499. You can define a total of 100 Layer 2 ACL tables.

Also note the following:
• The Layer 2 ACL feature cannot perform SNAP and LLC encapsulation type comparisons.
• The device processes ACLs in hardware.
• You can use Layer 2 ACLs to block management access to the device. For example, you can
use a Layer 2 ACL clause to block a certain host from establishing a connection to the device
through Telnet.
• You cannot edit or modify an existing Layer 2 ACL clause. If you want to change the clause, you
must delete it first, then re-enter the new clause.
• You cannot add remarks to a Layer 2 ACL clause.
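The first-match evaluation, the implicit deny at the end of the table and the clause syntax described in this section, modelled as an added Python example (this is not Brocade or Dell code and does not run on the device): it parses clauses written in the syntax above, evaluates constructed frames against them in order, and reports whether a table ends in a clause that really forwards everything the earlier clauses did not match. The bit-mask interpretation of <mask>, the textual EtherType names, and the Frame, Clause and Layer2Acl names are this example's assumptions.

```python
# Added example, not Brocade or Dell code: a small model of Layer 2 ACL clause
# parsing and first-match evaluation with an implicit deny, following the clause
# syntax quoted on this page. Mask semantics and etype naming are assumptions.
from dataclasses import dataclass
from typing import List, Optional, Tuple

TABLE_ID_MIN, TABLE_ID_MAX = 400, 499   # Layer 2 ACL table ID range from the page
DEFAULT_MAX_CLAUSES = 64                # default clause limit per table from the page

MacMatch = Optional[Tuple[int, int]]    # (value, mask) pair, or None for "any"


def mac_to_int(text: str) -> int:
    """Parse a MAC in the CLI's xxxx.xxxx.xxxx notation into a 48-bit integer."""
    hexdigits = text.replace(".", "")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {text}")
    return int(hexdigits, 16)


@dataclass
class Frame:
    """A constructed Layer 2 frame as seen on the ingress port."""
    src: str
    dst: str
    vlan: int
    etype: str   # EtherType by name, e.g. "arp", "ipv6", "ip" (assumed naming)


@dataclass
class Clause:
    action: str           # "permit" or "deny"
    src: MacMatch
    dst: MacMatch
    vlan: Optional[int]   # None means "any" or omitted
    etype: Optional[str]  # None means any EtherType
    log: bool

    def matches(self, frame: Frame) -> bool:
        # Assumption: a 1 bit in the mask means that bit of the MAC must match.
        for want, have in ((self.src, frame.src), (self.dst, frame.dst)):
            if want is not None and (mac_to_int(have) & want[1]) != (want[0] & want[1]):
                return False
        if self.vlan is not None and frame.vlan != self.vlan:
            return False
        return self.etype is None or frame.etype.lower() == self.etype

    def is_catch_all_permit(self) -> bool:
        return (self.action == "permit" and self.src is None and self.dst is None
                and self.vlan is None and self.etype is None)


def parse_clause(line: str) -> Tuple[int, Clause]:
    """Parse one 'access-list <num> permit|deny ...' clause in the page's syntax."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list":
        raise ValueError(f"not an access-list clause: {line}")
    table_id = int(tok[1])
    if not TABLE_ID_MIN <= table_id <= TABLE_ID_MAX:
        raise ValueError(f"table ID {table_id} outside {TABLE_ID_MIN}-{TABLE_ID_MAX}")
    action = tok[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny: {action}")

    def mac_field(i: int) -> Tuple[MacMatch, int]:
        if tok[i] == "any":
            return None, i + 1
        if i + 1 >= len(tok):
            raise ValueError("a MAC address must be followed by a mask")
        return (mac_to_int(tok[i]), mac_to_int(tok[i + 1])), i + 2

    src, i = mac_field(3)
    dst, i = mac_field(i)
    vlan = etype = None
    log = False
    if i < len(tok) and tok[i] not in ("etype", "log-enable"):   # optional VLAN
        vlan = None if tok[i] == "any" else int(tok[i])
        i += 1
    if i < len(tok) and tok[i] == "etype":                       # optional EtherType
        etype = tok[i + 1].lower()
        i += 2
    if i < len(tok) and tok[i] == "log-enable":                  # optional logging
        log = True
        i += 1
    if i != len(tok):
        raise ValueError(f"unexpected tokens: {' '.join(tok[i:])}")
    return table_id, Clause(action, src, dst, vlan, etype, log)


class Layer2Acl:
    """One Layer 2 ACL table: clauses are tried in order, the first match decides,
    and traffic matching no clause is dropped (the implicit deny from the page)."""

    def __init__(self, table_id: int, max_clauses: int = DEFAULT_MAX_CLAUSES):
        self.table_id = table_id
        self.max_clauses = max_clauses
        self.clauses: List[Clause] = []

    def add(self, line: str) -> "Layer2Acl":
        table_id, clause = parse_clause(line)
        if table_id != self.table_id:
            raise ValueError(f"clause belongs to table {table_id}, not {self.table_id}")
        if len(self.clauses) >= self.max_clauses:
            raise ValueError(f"table {self.table_id} already holds {self.max_clauses} clauses")
        self.clauses.append(clause)
        return self

    def evaluate(self, frame: Frame) -> Tuple[str, Optional[int]]:
        """Return (action, index of matching clause); ("deny", None) is the implicit drop."""
        for idx, clause in enumerate(self.clauses):
            if clause.matches(frame):
                return clause.action, idx
        return "deny", None

    def ends_with_permit_any(self) -> bool:
        """True only if the last clause forwards everything not matched earlier."""
        return bool(self.clauses) and self.clauses[-1].is_catch_all_permit()


def example_acl_400() -> Layer2Acl:
    """The three-clause table shown on this page."""
    return (Layer2Acl(400)
            .add("access-list 400 deny any any any etype arp")
            .add("access-list 400 deny any any any etype ipv6")
            .add("access-list 400 permit any any 100"))
```

Run against the page's own table, `example_acl_400()` denies an ARP or IPv6 frame by the first two clauses and permits an IP frame in VLAN 100 by the third, but an IP frame in any other VLAN matches nothing and falls through to the implicit deny; `ends_with_permit_any()` returns False for that table because its last clause is restricted to VLAN 100, which is the check to run before binding a table whose intent was to forward all remaining traffic.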