ACL Overview, MAC-Based ACLs – Dell PowerEdge VRTX User Manual
Page 207
DELL CONFIDENTIAL – PRELIMINARY 4/18/13 - FOR PROOF ONLY
• IPv4-Based ACLs
• IPv4-Based ACEs
• IPv6-Based ACLs
• IPv6-Based ACEs
ACL Overview
Access Control Lists (ACLs) enable network managers to define classification
actions and rules for specific ingress or egress ports. Packets entering an
ingress or egress port that has an active ACL are either admitted or denied entry.
If entry is denied, the ingress or egress port may be disabled. For example, a
network administrator defines an ACL rule stating that port number 20
can receive TCP packets; if a UDP packet is received on that port, the packet is
dropped.
ACLs are composed of Access Control Entries (ACEs), the rules that
determine traffic classification. Each ACE is a single rule; up to 256
rules may be defined on each ACL, and up to 3000 rules globally.
Rules are not used only for user configuration; they are also consumed by
features such as DHCP Snooping and Protocol Group VLAN, so not all
3000 rules are available for ACEs. At least 2000 rules are expected to be
available for ACEs. If fewer rules are available, this may be due to DHCP
Snooping; reduce the number of entries in DHCP Snooping to free rules for
ACEs.
The following types of ACLs can be defined:
• MAC-based ACL — Examines Layer 2 fields only
• IPv4-based ACL — Examines the Layer 3 fields of IPv4 frames
• IPv6-based ACL — Examines the Layer 3 fields of IPv6 frames
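To make the overview concrete, the following is an added Python model (not Dell's code and not from this manual) of the ACL behaviour described above: ACEs matched against a packet, the 256-per-ACL and 3000-global limits, the rules that DHCP Snooping takes from the shared pool, and the port 20 TCP/UDP example. First-match evaluation, deny-by-default for unmatched packets, the `kind` label and the packet field names are assumptions the manual does not state.

```python
from dataclasses import dataclass, field
# Capacity figures stated in the manual; DHCP Snooping and Protocol Group VLAN share the pool.
MAX_ACES_PER_ACL = 256
GLOBAL_RULE_LIMIT = 3000
EXPECTED_MIN_ACE_RULES = 2000

@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    match: tuple  # ((field, value), ...); an empty tuple matches every packet

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match)

@dataclass
class Acl:
    name: str
    kind: str     # "mac" (Layer 2 fields), "ipv4" or "ipv6" (Layer 3 fields); assumed label
    aces: list = field(default_factory=list)

    def add(self, ace: Ace) -> bool:
        """Append an ACE; return False when the per-ACL cap would be exceeded."""
        if len(self.aces) >= MAX_ACES_PER_ACL:
            return False
        self.aces.append(ace)
        return True

    def evaluate(self, pkt: dict) -> str:
        # Assumption: the first matching ACE decides; a packet matching none is denied.
        for ace in self.aces:
            if ace.matches(pkt):
                return ace.action
        return "deny"

def rule_budget(dhcp_snooping_rules: int, other_feature_rules: int = 0) -> dict:
    """Rules left for ACEs once other features have taken theirs from the shared pool."""
    available = GLOBAL_RULE_LIMIT - dhcp_snooping_rules - other_feature_rules
    return {"available": available, "below_expectation": available < EXPECTED_MIN_ACE_RULES}

def port20_example() -> dict:
    """The manual's example: port 20 accepts TCP, so a UDP packet to it is dropped."""
    acl = Acl("port20", "ipv4")
    acl.add(Ace("permit", (("protocol", "tcp"), ("dst_port", 20))))
    tcp = {"protocol": "tcp", "dst_port": 20}  # constructed sample packets
    udp = {"protocol": "udp", "dst_port": 20}
    return {"tcp": acl.evaluate(tcp), "udp": acl.evaluate(udp)}

def fill_acl(n: int) -> int:
    # Offer n permit-any ACEs to one MAC ACL; return how many the per-ACL cap admitted.
    acl = Acl("bulk", "mac")
    return sum(acl.add(Ace("permit", ())) for _ in range(n))
```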
MAC-Based ACLs
To define a MAC-based ACL:
1 Click Switching > Network Security > MAC Based ACL to display the
MAC Based ACL: Summary page.
The currently-defined MAC-based ACLs are displayed.
2 To add a new ACL, click Add ACL, and enter the name of the new ACL.