Software ACLs, Defining Hardware MAC ACLs – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual

Access Control Lists Introduction

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C

Software ACLs

These ACL types can be either named ACLs, using the standard or extended keyword
followed by a text string, or they can use the following ranges:

1-99 (IP standard ACL range)

100-199 (IP extended ACL range)

1300-1999 (IP standard expanded ACL range)

2000-2699 (IP extended expanded ACL range)

named standard IPv4 ACLs

named extended IPv4 ACLs

named standard IPv6 ACLs

named extended IPv6 ACLs

Software ACLs are used in features such as SNMP.

See Chapter 35, IPv4 Software Access Control List (ACL) Commands and Chapter 37,
IPv6 Software Access Control List (ACL) Commands for detailed command information
and command examples about IPv4 and IPv6 software ACLs as applied to Routing and
Multicasting. See all relevant Routing commands and configurations in “Layer Three,
Switching and Routing” and all relevant Multicast commands and configurations in
“Multicast Applications”.

Defining Hardware MAC ACLs

These are used to filter traffic based on specific source or destination MAC addresses
contained within the data frames. They can be applied to ports in the form of access
groups.

A MAC access list requires the following components:

an ACL number in the range 4000-4699

an action, permit, deny etc. See “Actions for Hardware ACLs” on page 33.7

a source MAC address. You can use the format, HHHH.HHHH.HHHH to filter on a
specific MAC address (where H is a hexadecimal number), or you can filter on any
source MAC address by entering the word “any”.

a source MAC mask. This mask determines which portion of the source MAC address
header will be compared with that found in the incoming packets. The mask is
configured in the format HHHH.HHHH.HHHH, where each H is a hexadecimal
number. In practice each hex number will normally be either 0 (to represent a match)
or F (to represent a don’t care condition). A mask is not required if the source address
is specified as “any”.

a destination MAC address. You can use the format, HHHH.HHHH.HHHH to filter on a
specific MAC address (where H is a hexadecimal number), or you can filter on any
destination MAC address by entering the word “any”.

a destination MAC mask. This mask determines which portion of the destination MAC
address header will be compared with that found in the incoming packets. The mask
is configured in the format HHHH.HHHH.HHHH, where each H is a hexadecimal
number. In practice each hex number will normally be either 0 (to represent a match)
or F (to represent a don’t care condition). A mask is not required if the destination
address is specified as “any”.
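
The address and mask matching described above can be modelled in a few lines. This is an added example, not code or syntax from the manual: the dictionary field names and the sample MAC addresses are constructed, and treating mask digits other than 0 and F bit by bit (1 = don't care) is an assumption.

```python
# Added illustration: models the MAC address/mask comparison described above.
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$")
FULL = (1 << 48) - 1  # a MAC address is 48 bits wide

def parse_mac(text):
    """Convert HHHH.HHHH.HHHH into a 48-bit integer."""
    if not MAC_RE.match(text):
        raise ValueError(f"expected HHHH.HHHH.HHHH, got {text!r}")
    return int(text.replace(".", ""), 16)

def field_matches(frame_mac, address, mask=None):
    """True if frame_mac satisfies one address/mask pair, or 'any'."""
    if address == "any":
        return True  # no mask is needed with "any"
    if mask is None:
        raise ValueError("a mask is required unless the address is 'any'")
    # 0 digits in the mask must match, F digits are ignored
    # (assumption: other digits are applied bit by bit).
    care = ~parse_mac(mask) & FULL
    return ((parse_mac(frame_mac) ^ parse_mac(address)) & care) == 0

def entry_matches(entry, src_mac, dst_mac):
    """entry: dict with acl, action, src, src_mask, dst, dst_mask (hypothetical names)."""
    if not 4000 <= entry["acl"] <= 4699:
        raise ValueError("hardware MAC ACL numbers are 4000-4699")
    return (field_matches(src_mac, entry["src"], entry.get("src_mask"))
            and field_matches(dst_mac, entry["dst"], entry.get("dst_mask")))

# Constructed sample entry: deny every source whose first 24 bits are
# 0000.cd, whatever the destination.
SAMPLE = {"acl": 4000, "action": "deny",
          "src": "0000.cd00.0000", "src_mask": "0000.00ff.ffff",
          "dst": "any"}

if __name__ == "__main__":
    for src in ("0000.cd12.3456", "0000.ce12.3456"):
        hit = entry_matches(SAMPLE, src, "ffff.ffff.ffff")
        print(src, "->", SAMPLE["action"] if hit else "no match")
```

Note that the mask is a wildcard mask: an all-zero mask pins the entry to exactly one MAC address, and an accidental all-F mask makes the entry behave like “any”.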