IBM 12.1(22)EA6 Switch User Manual


 
22-7
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Configuring ACLs
Creating Standard and Extended IP ACLs
This section describes how to create switch IP ACLs. The switch tests packets against the conditions in
an access list one by one. The first match determines whether the switch accepts or rejects the packet.
Because the switch stops testing conditions after the first match, the order of the conditions is critical.
If no conditions match, the switch denies the packet.
Follow these steps to use ACLs:
Step 1 Create an ACL by specifying an access list number or name and access conditions.
Step 2 Apply the ACL to interfaces or terminal lines.
The software supports these kinds of IP access lists:
Standard IP access lists use source addresses for matching operations.
Extended IP access lists use source and destination addresses for matching operations and optional
protocol-type information for finer granularity of control.
Note MAC extended access lists use source and destination MAC addresses and optional protocol-type
information for matching operations. For more information, see the “Creating Named MAC Extended
ACLs” section on page 22-17.
The next sections describe access lists and the steps for using them.
ACL Numbers
The number you use to denote your ACL shows the type of access list that you are creating. Table 22-2
lists the access list number and corresponding type and shows whether or not they are supported by the
switch. The switch supports IP standard and IP extended access lists, numbers 1 to 199 and 1300 to 2699.
Table 22-2 Access List Numbers

ACL Number   Type                                        Supported
1–99         IP standard access list                     Yes
100–199      IP extended access list                     Yes
200–299      Protocol type-code access list              No
300–399      DECnet access list                          No
400–499      XNS standard access list                    No
500–599      XNS extended access list                    No
600–699      AppleTalk access list                       No
700–799      48-bit MAC address access list              No
800–899      IPX standard access list                    No
900–999      IPX extended access list                    No
1000–1099    IPX SAP access list                         No
1100–1199    Extended 48-bit MAC address access list     No
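The two points above that matter most in practice are that the switch stops at the first matching entry and that a packet matching no entry is denied. The following Python model, added here as an illustration and not code from this guide or from Cisco, parses a small subset of the numbered access-list syntax (standard lists take a source only; extended lists take a protocol, source, destination and an optional eq port), classifies the list by the number ranges of Table 22-2, and evaluates packets in configuration order. The addresses, the ACL contents and the Packet/Entry types are constructed for the example; the split of the expanded range into 1300–1999 (standard) and 2000–2699 (extended) is the general IOS convention and is not stated on this page. The two lists hold the same three entries in different orders, which is enough to make the admin host's SSH permit disappear under a broader deny placed ahead of it.

```python
"""Model of numbered IP ACL evaluation: first match wins, no match = deny.
Added example; not code from the configuration guide or from Cisco."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

STANDARD_RANGES = ((1, 99), (1300, 1999))     # IOS convention (assumption)
EXTENDED_RANGES = ((100, 199), (2000, 2699))  # IOS convention (assumption)


@dataclass(frozen=True)
class Packet:                    # constructed for the example
    src: str
    dst: str
    proto: str = "ip"            # "ip", "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass(frozen=True)
class Entry:                     # one access-list line, in config order
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IP protocol
    src: str
    src_wc: str                  # wildcard mask: 1 bits are "don't care"
    dst: str
    dst_wc: str
    dport: Optional[int]


def _in_ranges(number: int, ranges) -> bool:
    return any(lo <= number <= hi for lo, hi in ranges)


def _addr_spec(t: List[str], i: int) -> Tuple[str, str, int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' starting at t[i]."""
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    return t[i], t[i + 1], i + 2


def parse_line(line: str) -> Tuple[int, Entry]:
    """Parse one 'access-list N permit|deny ...' line (subset of IOS syntax)."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported line: {line!r}")
    number, action = int(t[1]), t[2]
    if _in_ranges(number, STANDARD_RANGES):
        # Standard list: source address only; destination is implicitly any.
        src, src_wc, _ = _addr_spec(t, 3)
        return number, Entry(action, "ip", src, src_wc,
                             "0.0.0.0", "255.255.255.255", None)
    if _in_ranges(number, EXTENDED_RANGES):
        proto = t[3]
        src, src_wc, i = _addr_spec(t, 4)
        dst, dst_wc, i = _addr_spec(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        return number, Entry(action, proto, src, src_wc, dst, dst_wc, dport)
    raise ValueError(f"ACL {number} is not an IP standard or extended list")


def parse_acl(lines: List[str]) -> Tuple[int, List[Entry]]:
    """Parse every line of one numbered ACL, preserving configuration order."""
    numbers, entries = set(), []
    for line in lines:
        number, entry = parse_line(line)
        numbers.add(number)
        entries.append(entry)
    if len(numbers) != 1:
        raise ValueError(f"lines belong to different ACLs: {sorted(numbers)}")
    return numbers.pop(), entries


def _wc_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard compare: address bits under a set wildcard bit are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def evaluate(entries: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of matching entry); index None = implicit deny."""
    for idx, e in enumerate(entries):
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not _wc_match(pkt.src, e.src, e.src_wc):
            continue
        if not _wc_match(pkt.dst, e.dst, e.dst_wc):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action, idx       # first match decides; the rest is never tested
    return "deny", None            # no entry matched: the switch denies the packet


# Constructed example: permit SSH from one admin host into the server subnet,
# deny everything else from the client subnet, permit all other traffic.
ADMIN_FIRST = [
    "access-list 101 permit tcp host 10.1.1.5 10.2.0.0 0.0.0.255 eq 22",
    "access-list 101 deny ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.0.255",
    "access-list 101 permit ip any any",
]
# Same three entries with the broad deny first: it now shadows the SSH permit.
DENY_FIRST = [ADMIN_FIRST[1], ADMIN_FIRST[0], ADMIN_FIRST[2]]
ADMIN_SSH = Packet("10.1.1.5", "10.2.0.10", "tcp", 22)

if __name__ == "__main__":
    for name, lines in (("admin-first", ADMIN_FIRST), ("deny-first", DENY_FIRST)):
        print(name, evaluate(parse_acl(lines)[1], ADMIN_SSH))
```

The returned index is the useful part when auditing a list: an entry that can never be the first match for any packet (here the SSH permit in DENY_FIRST) is dead configuration, and the implicit deny at the end means a standard list that only names the hosts to permit blocks every other source without a visible deny line.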