Black Box LGB1148A Network Hardware User Manual


 
724-746-5500 | blackbox.com
Page 212
724-746-5500 | blackbox.com
Appendix
Appendix: Glossary of Web-Based Management Terms
ACE: ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are
three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many
detailed, different parameter options that are available for individual application.
ACL: ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that specify individual
users or groups permitted or denied to specific traffic objects, such as a process or a program. Each accessible traffic object
contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situation. In networking,
the ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or
servers permitted or denied to use the service. ACL can generally be configured to control inbound traffic, and in this context,
they are similar to firewalls.
There are three Web pages associated with the manual ACL configuration:
ACL|Access Control List: The Web page shows the ACEs in a prioritized way, highest (top) to lowest (bottom). Default table is
empty. An ingress frame will only get a hit on one ACE even though there are more matching ACEs. The first matching ACE will
take action (permit/deny) on that frame and a counter associated with that ACE is incremented. An ACE can be associated with
a Policy, 1 ingress port, or any ingress port (the whole switch). If an ACE Policy is created then that Policy can be associated
with a group of ports under the “Ports“ Web page. There are number of parameters that can be configured with an ACE. Read
the Web page help text to get further information for each of them. The maximum number of ACEs is 64.
ACL|Ports: The ACL Ports configuration is used to assign a Policy ID to an ingress port. This is useful to group ports to obey the
same traffic rules. Traffic Policy is created under the “Access Control List“ page. You can also set up specific traffic properties
(Action / Rate Limiter / Port copy, etc) for each ingress port. They will only apply though if the frame gets past the ACE
matching without getting matched. In that case, a counter associated with that port is incremented. See the Web page help
text for each specific port property.
ACL|Rate Limiters: Under this page, you can configure the rate limiters. There can be 15 different rate limiters, each ranging
from 1–1024K packets per seconds. Under “Ports“ and “Access Control List“ Web pages, you can assign a Rate Limiter ID to
the ACE(s) or ingress port(s).
AES: AES is an acronym for Advanced Encryption Standard. The encryption key protocol is applied in 802.1i standard to improve
WLAN security. It is an encryption standard by the U.S. government, which will replace DES and 3DES. AES has a fixed block
size of 128 bits and a key size of 128, 192, or 256 bits.
APS: APS is an acronym for Automatic Protection Switching. This protocol is used to secure that switching is done bidirectional in
the two ends of a protection group, as defined in G.8031.
Aggregation: Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the
redundancy for higher availability. (See also Port Aggregation, Link Aggregation.)
ARP: ARP is an acronym for Address Resolution Protocol. It is a protocol that used to convert an IP address into a physical address,
such as an Ethernet address. ARP allows a host to communicate with other hosts when only the Internet address of its
neighbors is known. Before using IP, the host sends a broadcast ARP request containing the Internet address of the desired
destination system.
ARP Inspection: ARP Inspection is a secure feature. Several types of attacks can be launched against a host or devices connected
to Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and
responses can go through the switch device.
Autonegotiation: Autonegotiation is the process where two different devices establish the mode of operation and the speed
settings that can be shared by those devices for a link.
CC: CC is an acronym for Continuity Check. It is a MEP functionality that is able to detect loss of continuity in a network by
transmitting CCM frames to a peer MEP.
LGB1108A