Chapter 10. ACLs | 137
ProSafe M4100 and M7100 Managed Switches
MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a
packet (limited by platform):
• Source MAC address with mask.
• Destination MAC address with mask.
• VLAN ID (or range of IDs).
• Class of Service (CoS) (802.1p).
• EtherType:
- Secondary CoS (802.1p).
- Secondary VLAN (or range of IDs).
• L2 ACLs can apply to one or more interfaces.
• Multiple access lists can be applied to a single interface: the sequence number
determines the order of execution.
• You cannot configure a MAC ACL and an IP ACL on the same interface.
• You can assign packets to queues using the assign queue option.
• You can redirect packets using the redirect option.
IP ACLs
IP ACLs classify traffic at Layer 3. Each ACL is a set of up to 10 rules applied to inbound traffic.
Each rule specifies whether the contents of a given field should be used to permit or deny
access to the network, and can apply to one or more of the following fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• ToS byte
• Protocol number
Note that the order of the rules is important: when a packet matches multiple rules, the first
rule takes precedence. Also, once you define an ACL for a given port, all traffic not
specifically permitted by the ACL is denied access (an implicit deny at the end of the list).
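The following is an added worked model of the ACL behaviour described in the MAC ACLs and IP ACLs sections above; it is hypothetical example code, not the switch firmware or its CLI. It shows ordered rules with first-match-wins, the implicit deny when nothing matches, the 10-rule limit for IP ACLs, address matching with a mask, and the rule that MAC and IP ACLs cannot share an interface. Assumptions are labelled in the code: the mask is treated as a wildcard mask (a 1 bit means "don't care"), the field names (`src_mac`, `dst_ip`, `dst_port`, ...) are invented for the model, and when several ACLs are bound to one interface the first ACL (by sequence number) with a matching rule is assumed to decide.

```python
"""Constructed model of switch ACL semantics (hypothetical; not the device's code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, int]          # field name -> value (field names are assumed, not the CLI's)
Matcher = Callable[[int], bool]


def mac_to_int(mac: str) -> int:
    """'00:11:22:33:44:55' -> integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def ip_to_int(ip: str) -> int:
    """'10.0.0.1' -> integer."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def wildcard(value: int, mask: int) -> Matcher:
    """Address-with-mask criterion. Assumed wildcard-mask convention:
    a 1 bit in the mask means 'don't care', a 0 bit must match exactly."""
    return lambda v: (v & ~mask) == (value & ~mask)


def exact(value: int) -> Matcher:
    return lambda v: v == value


def in_range(lo: int, hi: int) -> Matcher:
    """Range criterion, e.g. a range of VLAN IDs."""
    return lambda v: lo <= v <= hi


@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    criteria: Dict[str, Matcher]   # fields not listed are treated as "any"

    def matches(self, packet: Packet) -> bool:
        return all(name in packet and m(packet[name]) for name, m in self.criteria.items())


@dataclass
class ACL:
    ident: str                     # a name for a MAC ACL, a number for an IP ACL
    kind: str                      # "mac" or "ip"
    rules: List[Rule] = field(default_factory=list)
    MAX_IP_RULES = 10              # limit stated in the IP ACLs section

    def add_rule(self, action: str, **criteria: Matcher) -> "ACL":
        if self.kind == "ip" and len(self.rules) >= self.MAX_IP_RULES:
            raise ValueError(f"IP ACL {self.ident}: at most {self.MAX_IP_RULES} rules")
        self.rules.append(Rule(action, criteria))
        return self

    def evaluate(self, packet: Packet) -> Tuple[str, Optional[int]]:
        """First matching rule wins; no match -> implicit deny, reported with index None."""
        for index, rule in enumerate(self.rules, start=1):
            if rule.matches(packet):
                return rule.action, index
        return "deny", None


class Interface:
    """One port: several ACLs may be bound, ordered by sequence number,
    but MAC and IP ACLs may not be mixed on the same interface."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.bindings: List[Tuple[int, ACL]] = []

    def apply(self, acl: ACL, sequence: int) -> None:
        if any(bound.kind != acl.kind for _, bound in self.bindings):
            raise ValueError(f"{self.name}: cannot mix MAC and IP ACLs on one interface")
        self.bindings.append((sequence, acl))
        self.bindings.sort(key=lambda b: b[0])

    def filter(self, packet: Packet) -> str:
        """Assumption: the first ACL (by sequence) with a matching rule decides; else deny."""
        for _, acl in self.bindings:
            action, index = acl.evaluate(packet)
            if index is not None:
                return action
        return "deny"


# Constructed sample ACLs: permit TCP/443 to one server, deny the rest of 10.0.0.0/8
# (everything else falls through to the implicit deny); permit one OUI on VLANs 10-20.
web_acl = ACL("101", "ip")
web_acl.add_rule("permit", protocol=exact(6), dst_ip=wildcard(ip_to_int("192.0.2.10"), 0),
                 dst_port=exact(443))
web_acl.add_rule("deny", src_ip=wildcard(ip_to_int("10.0.0.0"), 0x00FFFFFF))

lab_mac_acl = ACL("lab-hosts", "mac")
lab_mac_acl.add_rule("permit", src_mac=wildcard(mac_to_int("00:11:22:00:00:00"), 0xFFFFFF),
                     vlan=in_range(10, 20))


def decide_ip(src: str, dst: str, proto: int, dport: int) -> Tuple[str, Optional[int]]:
    return web_acl.evaluate({"src_ip": ip_to_int(src), "dst_ip": ip_to_int(dst),
                             "protocol": proto, "dst_port": dport})


def decide_mac(src: str, vlan: int) -> Tuple[str, Optional[int]]:
    return lab_mac_acl.evaluate({"src_mac": mac_to_int(src), "vlan": vlan})


if __name__ == "__main__":
    print(decide_ip("10.1.2.3", "192.0.2.10", 6, 443))    # ('permit', 1)
    print(decide_ip("10.1.2.3", "192.0.2.10", 6, 80))     # ('deny', 2)
    print(decide_ip("172.16.0.5", "192.0.2.10", 17, 53))  # ('deny', None)  implicit deny
    print(decide_mac("00:11:22:aa:bb:cc", 30))            # ('deny', None)  VLAN outside range
```

The third IP case is the one that matters operationally: the packet from 172.16.0.5 matches no rule at all, and the model reports `("deny", None)` rather than passing it, mirroring the implicit deny described above. Rule order is equally visible: swapping the two `web_acl` rules would make the `deny` on 10.0.0.0/8 shadow the HTTPS permit for every host in that range.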
ACL Configuration
To configure ACLs:
1. Create an ACL by specifying a name (MAC ACL) or a number (IP ACL).
2. Add new rules to the ACL.
3. Configure the match criteria for the rules.