Using ACL Filters, MAC Extended ACLs – Blade ICE G8000 User Manual
RackSwitch G8000 Application Guide
Chapter 6: Quality of Service
BMD00041, November 2008
Using ACL Filters
Access Control Lists (ACLs) are filters that allow you to classify data packets according to
particular content in the packet header, such as the source address, destination address,
source port number, destination port number, and others. Packet classifiers identify flows
for more processing. Each filter defines the conditions that must match for inclusion in the
filter, and also the actions that are performed when a match is made.
ACLs are used to control whether packets are forwarded or blocked at the switch ports. ACLs
can provide basic security for access to the network. For example, you can use an ACL to
permit one host to access a part of the network, and deny another host access to the same area.
Each ACL contains rules that define the matching criteria for data packets. The ACL checks
each packet against its rules, to determine if there is a match. If the packet matches the ACL’s
rules, the ACL performs its configured action: either permit or deny the packet.
The G8000 supports the following ACL types:
MAC Extended ACLs
IP Standard ACLs
IP Extended ACLs
MAC Extended ACLs
The switch supports up to 127 MAC extended ACLs, numbered from 1-65535. Use MAC
Extended ACLs to filter traffic using the following criteria:
Source/destination MAC address
VLAN
Ethernet protocol
User priority criteria
To create a MAC Extended ACL:
RS G8000 (config)# access-list mac extended 1
RS G8000 (config-ext-macl)#
To delete a MAC Extended ACL:
RS G8000 (config)# no access-list mac extended 1
RS G8000 (config)#
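The matching described above, as an added Python model that is not part of the manual and is not the switch's own implementation: it pulls the four MAC Extended ACL criteria out of a raw Ethernet frame and returns the action of the matching rule. The names MacAclRule, parse_frame and evaluate, the treatment of an unset field as a wildcard, and first-match ordering are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class MacAclRule:
    """Hypothetical rule; a field left as None matches any value (assumption)."""
    action: str                      # "permit" or "deny"
    src_mac: Optional[str] = None
    dst_mac: Optional[str] = None
    vlan: Optional[int] = None
    ethertype: Optional[int] = None  # Ethernet protocol
    priority: Optional[int] = None   # 802.1p user priority, 0-7

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Extract the header fields a MAC extended ACL can filter on."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    fields = {"dst_mac": _mac(frame[0:6]), "src_mac": _mac(frame[6:12]),
              "vlan": None, "priority": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:          # 802.1Q tag: 3-bit PCP, 1-bit DEI, 12-bit VID
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        fields["priority"], fields["vlan"] = tci >> 13, tci & 0x0FFF
    fields["ethertype"] = ethertype
    return fields

def evaluate(rules, frame: bytes) -> Optional[str]:
    """Return the action of the first matching rule, or None if none match."""
    f = parse_frame(frame)
    for r in rules:
        wanted = {"src_mac": r.src_mac, "dst_mac": r.dst_mac, "vlan": r.vlan,
                  "ethertype": r.ethertype, "priority": r.priority}
        if all(v is None or f[k] == v for k, v in wanted.items()):
            return r.action
    return None

# Constructed sample: an ARP frame (0x0806) on VLAN 10 with user priority 5.
SAMPLE = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
          + struct.pack("!HHH", 0x8100, (5 << 13) | 10, 0x0806) + bytes(28))
RULES = [MacAclRule("deny", src_mac="02:00:00:00:00:02"),
         MacAclRule("permit", vlan=10, ethertype=0x0806)]
```

A frame that matches no rule returns None here; what the switch does with such a frame is not stated in this section, so the model leaves that decision to the caller.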