Managing Device Security
ProSafe M5300 Switch
IP ACL
An IP ACL consists of a set of rules which are matched sequentially against a packet. When
a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken
and the remaining rules are not checked for a match. On this menu, the interfaces to which an
IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.
Rules for the IP ACL are specified/created using the IP ACL Rule Configuration menu.
To display the IP ACL page, click Security > ACL > Advanced > IP ACL.
The IP ACL area shows the current size of the ACL table versus the maximum size of the
ACL table. The current size is equal to the number of configured IPv4 ACLs plus the number of
configured MAC ACLs. The maximum size is 100.
To configure an IP ACL:
1. In the IP ACL ID field, specify the ACL ID or IP ACL name. The ID is an integer in the
following range:
• 1–99: Creates an IP Basic ACL, which allows you to permit or deny traffic from a
source IP address.
• 100–199: Creates an IP Extended ACL, which allows you to permit or deny specific
types of layer 3 or layer 4 traffic from a source IP address to a destination IP address.
This type of ACL provides more granularity and filtering capabilities than the standard
IP ACL.
• IP ACL Name: Creates a Named IP ACL, which provides an alternative way to configure an IP
Extended ACL. The IP ACL Name string can include alphanumeric characters only and
must start with an alphabetic character.
Each configured ACL displays the following information:
• Rules - Displays the number of rules currently configured for the IP ACL.
• Type - Identifies the ACL as a basic IP ACL, extended IP ACL, or named IP ACL.
2. To delete an IP ACL, select the check box next to the IP ACL ID field, then click DELETE.
3. Click ADD to add a new IP ACL to the switch configuration.
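The following is an added example, not NETGEAR code: it models the first-match evaluation and the ACL ID rules described above, and flags rules that can never take effect because an earlier rule already matches the same sources. The (action, source network) rule representation and all function names are assumptions made for illustration; the sample rules are constructed.

```python
import ipaddress
import re

def acl_type(acl_id):
    """Classify an IP ACL ID using the ranges and naming rule given above."""
    if isinstance(acl_id, int):
        if 1 <= acl_id <= 99:
            return "basic"
        if 100 <= acl_id <= 199:
            return "extended"
        raise ValueError(f"ACL ID {acl_id} is outside 1-199")
    # Names: alphanumeric only, first character alphabetic.
    if re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", acl_id):
        return "named"
    raise ValueError(f"invalid IP ACL name: {acl_id!r}")

def evaluate(rules, src_ip):
    """Return (rule_number, action) of the first matching rule, else None."""
    addr = ipaddress.ip_address(src_ip)
    for number, (action, network) in enumerate(rules, start=1):
        if addr in ipaddress.ip_network(network):
            return number, action  # first match wins; later rules are skipped
    return None  # no rule matched; that case is not described in this section

def shadowed_rules(rules):
    """Rule numbers that can never match because an earlier rule covers them."""
    nets = [ipaddress.ip_network(n) for _, n in rules]
    return [i + 1 for i, net in enumerate(nets)
            if any(net.subnet_of(earlier) for earlier in nets[:i])]

# Constructed sample rule list for a basic (source-only) ACL.
SAMPLE_RULES = [
    ("permit", "10.1.0.0/16"),
    ("deny", "10.1.5.0/24"),     # unreachable: rule 1 already matches these hosts
    ("deny", "192.168.0.0/24"),
]

if __name__ == "__main__":
    print(acl_type(10), acl_type(150), acl_type("GuestVlan1"))
    print(evaluate(SAMPLE_RULES, "10.1.5.20"))
    print(shadowed_rules(SAMPLE_RULES))
```

Because the more specific deny sits after the broader permit, it is never reached; placing it first changes the result for 10.1.5.0/24.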