Dell PowerConnect 5548 User Guide - Page 98
ACLs, ACL Overview, MAC-based ACL - iscsi
ACLs

This section describes Access Control Lists (ACLs), which enable defining classification actions and rules for specific ingress or egress ports. It contains the following topics:

• ACL Overview
• MAC-Based ACLs
• MAC-Based ACEs
• IPv4-Based ACLs
• IPv4-Based ACEs
• IPv6-Based ACLs
• IPv6-Based ACEs

ACL Overview

Access Control Lists (ACLs) enable network managers to define classification actions and rules for specific ingress or egress ports. Packets entering an ingress or egress port with an active ACL are either admitted or denied entry. If entry is denied, the ingress or egress port may be disabled. For example, a network administrator defines an ACL rule stating that port number 20 can receive TCP packets; if a UDP packet is received, the packet is dropped.

ACLs are composed of Access Control Entries (ACEs), which are rules that determine traffic classifications. Each ACE is a single rule. Up to 256 rules may be defined on each ACL, and up to 3000 rules globally.

Rules are not used only for user configuration; they are also used by features such as DHCP Snooping, Protocol Group VLAN and iSCSI, so not all 3000 rules are available for ACEs. It is expected that there will be at least 2000 rules available. If fewer rules are available, this may be due to DHCP Snooping or iSCSI optimization. To free rules for ACEs, reduce the number of entries in DHCP Snooping or reduce the maximum number of TCP connections in the iSCSI configuration.

The following types of ACLs can be defined:

• MAC-based ACL - Examines Layer 2 fields only
• IPv4-based ACL - Examines Layer 3 of IPv4 frames