beautypg.com

Configuring acls, Unsupported features – IBM 12.1(22)EA6 User Manual

Page 390

background image

22-6

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 22 Configuring Network Security with ACLs

Configuring ACLs

In this example, the first ACE permits all the TCP packets coming from host 10.1.1.1 with a
destination TCP port number of 80. The second ACE permits all TCP packets coming from host
20.1.1.1 with a destination TCP port number of 23. Both the ACEs use the same mask; therefore, a
switch supports this ACL.

When you apply an ACL to a physical interface, some keywords are not supported and certain mask
restrictions apply to the ACLs. See the

“Creating a Numbered Standard ACL” section on page 22-8

and the

“Creating a Numbered Extended ACL” section on page 22-9

for creating these ACLs.

Note

You can also apply ACLs to a management interface without the above limitations. For information, see
the “Configuring IP Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco
IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1.

Configuring ACLs

This section includes these topics:

“Unsupported Features” section on page 22-6

“Creating Standard and Extended IP ACLs” section on page 22-7

“Creating Named MAC Extended ACLs” section on page 22-17

“Creating MAC Access Groups” section on page 22-18

Configuring ACLs on a Layer 2 interface is the same as configuring ACLs on Cisco routers. The process
is briefly described here. For more detailed information about configuring router ACLs, see the
“Configuring IP Services” chapter in the Cisco IP and IP Routing Configuration Guide, Cisco IOS
Release 12.1. For detailed information about the commands, see the Cisco IOS IP and IP Routing
Command Reference, Cisco IOS Release 12.1. For a list of Cisco IOS features not supported on the
switch, see the

“Unsupported Features” section on page 22-6

.

Unsupported Features

The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see

Table 22-2 on page 22-7

)

Bridge-group ACLs

IP accounting

ACL support on the outbound direction

Inbound and outbound rate limiting (except with QoS ACLs)

IP packets that have a header length of less than 5 bytes

Reflexive ACLs

Dynamic ACLs

ICMP-based filtering

Interior Gateway Routing Protocol (IGMP)-based filtering

See also other documents in the category IBM Computer Accessories: