Table of Contents
Advertisement
A
C
L
CCESS
ONTROL
Figure 149: Showing the SSH User's Public Key
ISTS
Access Control Lists (ACL) provide packet filtering for IPv4 frames (based
on address, protocol, Layer 4 protocol port number or TCP control code),
IPv6 frames (based on address, next header type, or flow label), or any
frames (based on MAC address or Ethernet type). To filter incoming
packets, first create an access list, add the required rules, and then bind
the list to a specific port.
Configuring Access Control Lists –
An ACL is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. This switch tests
ingress packets against the conditions in an ACL one by one. A packet will
be accepted as soon as it matches a permit rule, or dropped as soon as it
matches a deny rule. If no rules match, the packet is accepted.
C
U
OMMAND
SAGE
The following restrictions apply to ACLs:
The maximum number of ACLs per port is 36.
◆
The maximum number of rules per port is also 93.
◆
The order in which active ACLs are checked is as follows:
User-defined rules in IP and MAC ACLs for ingress ports are checked in
1.
parallel.
Rules within an ACL are checked in the configured order, from top to
2.
bottom.
If the result of checking an IP ACL is to permit a packet, but the result
3.
of a MAC ACL on the same packet is to deny it, the packet will be
denied (because the decision to deny a packet has a higher priority for
– 283 –
| Security Measures
C
13
HAPTER
Access Control Lists
- Quick Links:
- Port Configuration
- Connecting to the Switch
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
