Dell PowerConnect 6248 Configuration Guide - Page 116



Device Security
Step 1: Create an ACL and Define an ACL Rule
This command creates an ACL named list1 and adds its first rule. The masks are wildcard masks: a 0 bit
must match the address bit, a 1 bit is ignored. Once applied, the rule permits TCP packets from any host
in 192.168.77.0/24 (source 192.168.77.0, wildcard 0.0.0.255) to the single host 192.168.77.3 (wildcard
0.0.0.0).
console#config
console(config)#access-list list1 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0
Step 2: Define the Second Rule for ACL list1
Define a rule with the same source criteria for UDP traffic. Note that the destination wildcard here is
0.0.0.255 rather than the 0.0.0.0 used in the TCP rule, so this rule permits UDP to any host in
192.168.77.0/24, not only to 192.168.77.3; use 0.0.0.0 if both rules are meant to match the same
destination host.
console(config)#access-list list1 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255
console(config)#exit
Step 3: Apply the ACL to Outbound (Egress) Traffic on Port 1/g2
Rules are evaluated in order and every ACL ends with an implicit deny-all, so only egress traffic matching
one of the permit rules is forwarded; all other traffic leaving 1/g2 is dropped.
console(config)#interface ethernet 1/g2
console(config-if-1/g2)#ip access-group list1 out
console(config-if-1/g2)#exit
Configuring a MAC ACL
The following steps configure a MAC ACL that denies frames from any source MAC address to hosts whose
MAC address is 00:11:22:33:XX:XX, where XX is any hexadecimal value (00-FF). The mask
00:00:00:00:FF:FF marks the last two octets as don't-care, so 00:11:22:33:44:55 in the rule stands for
the whole 00:11:22:33:XX:XX range. The log parameter specifies that the system should keep track of the
number of times the rule is applied to traffic that meets the rule criteria. When a frame entering the
port matches the rule, the rule hit counter increments. Every five minutes the ACL application checks the
counter. If the counter indicates that the rule has been applied since the last time it was checked, the
ACL application logs a message indicating which rule was applied and how many times it was hit during
that time period.
The ACL is applied to interface 1/g5 in the inbound direction with a sequence number of 6 (the lower the
number, the higher the priority when several ACLs are bound to the same interface and direction).
Like an IP ACL, a MAC ACL ends with an implicit deny-all. As written below, the list therefore drops every
inbound frame on 1/g5, not only frames destined to the 00:11:22:33:XX:XX hosts; if the remaining traffic
should be forwarded, add a permit any any rule after the deny rule before binding the list.
Step 1: Set up a MAC Access List
Creating the list enters MAC access-list configuration mode, in which the rules are defined.
console#config
console(config)#mac access-list extended mac1
Step 2: Specify the MAC ACL Attributes
console(config-mac-access-list)#deny any 00:11:22:33:44:55 00:00:00:00:FF:FF log
console(config-mac-access-list)#exit
Step 3: Configure a MAC Access Group
console(config)#interface ethernet 1/g5
console(config-if-1/g5)#mac access-group mac1 in 6
console(config-if-1/g5)#exit
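To make the mask semantics of both procedures above concrete, the following is an added Python model of
how list1 and mac1 are evaluated. It is illustration code written for this page, not Dell firmware or
anything from the PowerConnect guide. It assumes what the guide describes: rules are checked in order,
the first match decides, a 1 bit in a wildcard or MAC mask means "don't care", every ACL ends in an
implicit deny, and the log keyword reports a per-rule hit counter. The exact_udp_dst and permit_rest
variants (a 0.0.0.0 destination wildcard on the UDP rule, and a trailing permit any any on mac1) are
assumed alternatives, not part of the page's configuration, and all packets and frames are constructed
samples.

```python
"""Model of how the ACLs on this page are evaluated.

Added illustration, not Dell code: a first-match evaluator that applies masks the
way the page's access-list and mac access-list rules do (a 1 bit in the mask is
"don't care"), ends in the implicit deny that closes every PowerConnect ACL, and
keeps the per-rule hit counter the log keyword reports. Packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Callable

def ip_int(addr: str) -> int:
    return int(IPv4Address(addr))

def mac_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)

def wildcard_match(value: int, base: int, wildcard: int, width: int) -> bool:
    """True if value equals base on every bit the wildcard leaves as 0."""
    care = ~wildcard & ((1 << width) - 1)
    return (value & care) == (base & care)

@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    match: Callable[[dict], bool]
    text: str                      # the CLI line this rule models
    log: bool = False
    hits: int = 0

@dataclass
class Acl:
    name: str
    rules: list

    def evaluate(self, pkt: dict) -> str:
        """First matching rule wins; no match falls through to the implicit deny."""
        for rule in self.rules:
            if rule.match(pkt):
                rule.hits += 1     # the counter the log keyword reports every five minutes
                return rule.action
        return "deny"

    def logged_hits(self) -> dict:
        return {r.text: r.hits for r in self.rules if r.log}

def ip_rule(action, proto, src, src_wc, dst, dst_wc):
    def match(p):
        return (p["proto"] == proto
                and wildcard_match(ip_int(p["src"]), ip_int(src), ip_int(src_wc), 32)
                and wildcard_match(ip_int(p["dst"]), ip_int(dst), ip_int(dst_wc), 32))
    return Rule(action, match, f"{action} {proto} {src} {src_wc} {dst} {dst_wc}")

def mac_rule(action, src, dst, dst_mask="00:00:00:00:00:00", log=False):
    def match(p):
        src_ok = src == "any" or mac_int(p["src_mac"]) == mac_int(src)
        dst_ok = dst == "any" or wildcard_match(
            mac_int(p["dst_mac"]), mac_int(dst), mac_int(dst_mask), 48)
        return src_ok and dst_ok
    parts = [action, src, dst] + ([dst_mask] if dst != "any" else []) + (["log"] if log else [])
    return Rule(action, match, " ".join(parts), log)

def build_list1(exact_udp_dst: bool = False) -> Acl:
    """list1 as on the page; exact_udp_dst=True is an assumed variant that gives the
    UDP rule the same 0.0.0.0 destination wildcard as the TCP rule."""
    udp_wc = "0.0.0.0" if exact_udp_dst else "0.0.0.255"
    return Acl("list1", [
        ip_rule("permit", "tcp", "192.168.77.0", "0.0.0.255", "192.168.77.3", "0.0.0.0"),
        ip_rule("permit", "udp", "192.168.77.0", "0.0.0.255", "192.168.77.3", udp_wc),
    ])

def build_mac1(permit_rest: bool = False) -> Acl:
    """mac1 as on the page; permit_rest=True is an assumed variant that appends
    'permit any any' so only the 00:11:22:33:XX:XX hosts are blocked."""
    rules = [mac_rule("deny", "any", "00:11:22:33:44:55", "00:00:00:00:FF:FF", log=True)]
    if permit_rest:
        rules.append(mac_rule("permit", "any", "any"))
    return Acl("mac1", rules)

SAMPLE_IP = {  # constructed packets leaving port 1/g2
    "tcp_to_host3": {"proto": "tcp", "src": "192.168.77.10", "dst": "192.168.77.3"},
    "tcp_to_host9": {"proto": "tcp", "src": "192.168.77.10", "dst": "192.168.77.9"},
    "udp_to_host9": {"proto": "udp", "src": "192.168.77.10", "dst": "192.168.77.9"},
    "udp_from_outside": {"proto": "udp", "src": "10.0.0.5", "dst": "192.168.77.3"},
    "icmp_to_host3": {"proto": "icmp", "src": "192.168.77.10", "dst": "192.168.77.3"},
}
SAMPLE_MAC = {  # constructed frames entering port 1/g5
    "to_protected_host": {"src_mac": "AA:BB:CC:DD:EE:01", "dst_mac": "00:11:22:33:AB:CD"},
    "to_other_host": {"src_mac": "AA:BB:CC:DD:EE:01", "dst_mac": "00:11:22:34:00:00"},
}

def ip_decisions(exact_udp_dst: bool = False) -> dict:
    acl = build_list1(exact_udp_dst)
    return {name: acl.evaluate(pkt) for name, pkt in SAMPLE_IP.items()}

def mac_decisions(permit_rest: bool = False) -> tuple:
    acl = build_mac1(permit_rest)
    decisions = {name: acl.evaluate(frm) for name, frm in SAMPLE_MAC.items()}
    return decisions, acl.logged_hits()
```

Running ip_decisions() shows the asymmetry between the two list1 rules: TCP to 192.168.77.9 is dropped by
the implicit deny, while UDP to the same host is permitted because of the 0.0.0.255 destination wildcard;
ip_decisions(exact_udp_dst=True) closes that gap. mac_decisions() shows mac1 as on the page denying every
frame, including one to an unrelated 00:11:22:34 host, whereas mac_decisions(permit_rest=True) blocks only
the 00:11:22:33:XX:XX range and reports a hit count of 1 for the logged deny rule in both cases.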