beautypg.com

Configuring acls, In this chapter, Acl overview – Brocade Communications Systems Converged Enhanced Ethernet 53-1002163-02 User Manual

Page 123: Chapter 10, Chapter 10, “configuring acls

background image

Converged Enhanced Ethernet Administrator’s Guide

101

53-1002163-02

DRAFT: BROCADE CONFIDENTIAL

Chapter

10

Configuring ACLs

In this chapter

ACL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Default ACL configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

ACL configuration guidelines and restrictions . . . . . . . . . . . . . . . . . . . . . . . 102

ACL configuration and management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

ACL overview

ACLs filter traffic for the Brocade FCoE hardware and permit or deny incoming frames from passing
through interfaces that have the ACLs applied to them. You can apply ACLs on VLANs and on Layer
2 interfaces. Each ACL is a unique collection of permit and deny statements (rules) that apply to
frames. When a frame is received on an interface, the switch compares the fields in the frame
against any ACLs applied to the interface to verify that the frame has the required permissions to
be forwarded. The switch compares the frame, sequentially, against each rule in the ACL and either
forwards the frame or drops the frame.

NOTE

In the Brocade Fabric OS v7.0.0 release, only Layer 2 MAC access control lists (ACLs) are supported.

The switch examines ACLs associated with options configured on a given interface. As frames enter
the switch on an interface, ACLs associated with all inbound options configured on that interface
are examined. With MAC ACLs you can identify and filter traffic based on the MAC address, and
EtherType.

The primary benefits of ACLs are as follows:

Provide a measure of security.

Save network resources by reducing traffic.

Block unwanted traffic or users.

Reduce the chance of denial of service (DOS) attacks.

There are two types of MAC ACLs:

Standard ACLs—Permit and deny traffic according to the source MAC address in the incoming
frame. Use standard MAC ACLs if you only need to filter traffic based on source addresses.

Extended ACLs—Permit and deny traffic according to the source and destination MAC
addresses in the incoming frame, as well as EtherType.

See also other documents in the category Brocade Communications Systems Hardware: