
Brocade Network Advisor SAN + IP User Manual v12.3.0: Security management, Security overview, Layer 2 access control list management


Brocade Network Advisor SAN + IP User Manual

875

53-1003155-01

Chapter 22: Security Management

In this chapter

Security overview ........................................ 875
Layer 2 access control list management ................... 875
Layer 3 access control list policy ....................... 894
Media Access Control (MAC) filter management ............. 934
Security configuration deployment ........................ 943

Security overview

Security management enables you to filter traffic using Layer 2 and Layer 3 access control lists
(ACLs) and Media Access Control (MAC) filters:

- Access control lists enable you to filter traffic based on Layer 2 or Layer 3 information in the
  packet header of the Ethernet frame.

  - Layer 2, the data link layer, transfers data between the source and destination within the
    same network.

  - Layer 3, the network layer, transfers data between the source and destination through one
    or more networks.

- MAC filters enable you to filter traffic based on the MAC layer header in the Ethernet frame.

Layer 2 access control list management

A Layer 2 access control list (ACL) enables you to filter traffic based on the information in the IP
packet header using the MAC address and Ethernet type.

NOTE: Layer 2 ACLs can filter traffic for both Fabric OS and IronWare FCoE devices.

An ACL is a unique collection of permit and deny statements (rules) that apply to frames. You can
use ACLs to permit or deny incoming frames from passing through an interface to which you
assigned the ACLs. When the interface receives a frame, the device compares the fields in the
frame against any ACLs assigned to the interface to verify that the frame has the required
permissions to be forwarded. The device compares the frame, sequentially, against each rule in the
assigned ACL. If the frame matches a permit rule, the traffic is forwarded; otherwise, the traffic is
dropped.
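The sequential first-match evaluation described above, as an added example that is not part of the manual or of Network Advisor itself: rules match on source MAC, destination MAC and Ethernet type, the first matching rule decides, and a frame that matches no rule is dropped. It goes one step beyond the text with a small audit that flags rules an earlier rule makes unreachable, which is how an ordering mistake in an ACL usually shows up. The rule set and MAC addresses are constructed; the Ethernet type values are the standard assignments for IPv4, ARP and FCoE.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
ANY = "any"  # wildcard for a MAC field; an ethertype of None plays the same role

@dataclass(frozen=True)
class L2Rule:
    seq: int                         # evaluation order within the ACL
    action: str                      # "permit" or "deny"
    src_mac: str = ANY
    dst_mac: str = ANY
    ethertype: Optional[int] = None  # e.g. 0x0800 IPv4, 0x0806 ARP, 0x8906 FCoE

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    ethertype: int

def rule_matches(rule: L2Rule, frame: Frame) -> bool:
    """A wildcard field matches anything; otherwise the field must match exactly."""
    return ((rule.src_mac == ANY or rule.src_mac.lower() == frame.src_mac.lower())
            and (rule.dst_mac == ANY or rule.dst_mac.lower() == frame.dst_mac.lower())
            and (rule.ethertype is None or rule.ethertype == frame.ethertype))

def evaluate(acl: List[L2Rule], frame: Frame) -> Tuple[str, Optional[int]]:
    """First match decides; no match means the implicit deny (reported as seq None)."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule_matches(rule, frame):
            return rule.action, rule.seq
    return "deny", None

def _covers(a: L2Rule, b: L2Rule) -> bool:
    """True when every frame that b could match is already matched by a."""
    return (a.src_mac in (ANY, b.src_mac) and a.dst_mac in (ANY, b.dst_mac)
            and a.ethertype in (None, b.ethertype))

def shadowed_rules(acl: List[L2Rule]) -> List[Tuple[int, int]]:
    """Audit: (shadowed_seq, shadowing_seq) for rules an earlier rule makes unreachable."""
    ordered = sorted(acl, key=lambda r: r.seq)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if _covers(earlier, later):
                found.append((later.seq, earlier.seq))
                break
    return found

# Constructed sample ACL: block one host outright, then permit FCoE and ARP from others.
SAMPLE_ACL = [L2Rule(10, "deny", src_mac="00:11:22:33:44:55"),
              L2Rule(20, "permit", ethertype=0x8906), L2Rule(30, "permit", ethertype=0x0806)]
```

An IPv4 frame from any host falls through all three rules and is dropped by the implicit deny, which is the behaviour the paragraph above describes for a frame that matches no permit rule.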