Creating Standard and Extended IP ACLs, ACL Numbers – IBM 12.1(22)EA6 User Manual

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 22 Configuring Network Security with ACLs

Configuring ACLs

Creating Standard and Extended IP ACLs

This section describes how to create switch IP ACLs. The switch tests packets against the conditions in
an access list one by one. The first match determines whether the switch accepts or rejects the packet.
Because the switch stops testing conditions after the first match, the order of the conditions is critical.
If no conditions match, the switch denies the packet.
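The first-match rule and the final deny described above, as an added example that is not part of the original manual. It evaluates a constructed two-entry list in both orders and flags entries that an earlier entry makes unreachable. The names evaluate and shadowed and the CIDR notation are assumptions used for illustration, not switch syntax.

```python
import ipaddress

# Constructed sample ACLs: (action, source prefix). CIDR prefixes are used
# here for brevity; this is an illustration, not switch configuration syntax.
GOOD_ORDER = [
    ("deny",   "10.1.1.5/32"),   # block one host first
    ("permit", "10.1.1.0/24"),   # then allow the rest of its subnet
]
BAD_ORDER = list(reversed(GOOD_ORDER))  # same entries, broad permit first


def evaluate(acl, src):
    """Return the action of the first entry matching src; deny if none match."""
    addr = ipaddress.ip_address(src)
    for action, prefix in acl:
        if addr in ipaddress.ip_network(prefix):
            return action          # testing stops at the first match
    return "deny"                  # no condition matched: packet is denied


def shadowed(acl):
    """Return indexes of entries that can never match because an earlier
    entry already covers their entire source range."""
    nets = [ipaddress.ip_network(p) for _, p in acl]
    return [i for i, net in enumerate(nets)
            if any(net.subnet_of(earlier) for earlier in nets[:i])]


if __name__ == "__main__":
    for name, acl in (("GOOD_ORDER", GOOD_ORDER), ("BAD_ORDER", BAD_ORDER)):
        for src in ("10.1.1.5", "10.1.1.9", "192.168.0.1"):
            print(name, src, evaluate(acl, src))
        print(name, "unreachable entries:", shadowed(acl))
```

With the broad permit listed first, the host-specific deny is never reached, which is the kind of ordering mistake worth checking for before an ACL is applied to an interface.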

Follow these steps to use ACLs:

Step 1  Create an ACL by specifying an access list number or name and access conditions.

Step 2  Apply the ACL to interfaces or terminal lines.

The software supports these kinds of IP access lists:

Standard IP access lists use source addresses for matching operations.

Extended IP access lists use source and destination addresses for matching operations and optional
protocol-type information for finer granularity of control.

Note  MAC extended access lists use source and destination MAC addresses and optional protocol type
information for matching operations. For more information, see the “Creating Named MAC Extended
ACLs” section on page 22-17.

The next sections describe access lists and the steps for using them.

ACL Numbers

The number you use to denote your ACL shows the type of access list that you are creating. Table 22-2
lists the access list number and corresponding type and shows whether or not they are supported by the
switch. The switch supports IP standard and IP extended access lists, numbers 1 to 199 and 1300 to 2699.

Table 22-2  Access List Numbers

| ACL Number | Type | Supported |
|------------|------|-----------|
| 1–99 | IP standard access list | Yes |
| 100–199 | IP extended access list | Yes |
| 200–299 | Protocol type-code access list | No |
| 300–399 | DECnet access list | No |
| 400–499 | XNS standard access list | No |
| 500–599 | XNS extended access list | No |
| 600–699 | AppleTalk access list | No |
| 700–799 | 48-bit MAC address access list | No |
| 800–899 | IPX standard access list | No |
| 900–999 | IPX extended access list | No |
| 1000–1099 | IPX SAP access list | No |
| 1100–1199 | Extended 48-bit MAC address access list | No |