3Com 2916-SFP User Guide - Page 57
Defining Access Control Lists, Source Port IP Address and Wildcard Mask, ACE Priority, Protocol
UPC - 662705518893
View all 3Com 2916-SFP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 57 highlights
Defining Access Control Lists 57 Defining Access Control Lists Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port, with an active ACL are either admitted or denied entry. If they are denied entry, the port can be disabled. For example, an ACL rule is defined states that port number 20 can receive TCP packets, however, if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications. The following are examples of filters that can be defined as ACEs: ■ Source Port IP Address and Wildcard Mask - Filters the packets by the Source port IP address and wildcard mask. ■ Destination Port IP Address and Wildcard Mask - Filters the packets by the Source port IP address and wildcard mask. ■ ACE Priority - Filters the packets by the ACE priority. ■ Protocol - Filters the packets by the IP protocol. ■ DSCP - Filters the packets by the DiffServ Code Point (DSCP) value. ■ IP Precendence - Filters the packets by the IP Precedence. ■ Action - Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. This section includes the following topics: ■ Viewing MAC Based ACLs ■ Configuring MAC Based ACLs ■ Removing MAC Based ACLs ■ Viewing IP Based ACLs ■ Defining IP Based ACLs ■ Modifying IP Based ACLs ■ Removing IP Based ACLs ■ Viewing ACL Binding ■ Configuring ACL Binding ■ Removing ACL Binding