Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 361
53-1002269-02
Chapter 13
Configuring Rule-Based IP Access Control Lists
ACL overview
This chapter describes how Access Control Lists (ACLs) are implemented and configured in the
PowerConnect B-Series TI24X devices.
Devices support rule-based ACLs (sometimes called hardware-based ACLs), where the decisions to
permit or deny packets are processed in hardware and all permitted packets are switched or routed
in hardware. All denied packets are also dropped in hardware. In addition, PowerConnect B-Series
TI24X devices support inbound ACLs only. Outbound ACLs are not supported.
NOTE
PowerConnect B-Series TI24X devices support hardware-based ACLs only. These devices do not
support flow-based ACLs.
Rule-based ACLs program the ACL entries you assign to an interface into Content Addressable
Memory (CAM) space allocated for the ports. The ACLs are programmed into hardware at startup
(or as new ACLs are entered and bound to ports). Devices that use rule-based ACLs program the
ACLs into the CAM entries and use these entries to permit or deny packets in the hardware, without
sending the packets to the CPU for processing.
Rule-based ACLs are supported on the following interface types:
• Gbps Ethernet ports
• 10 Gbps Ethernet ports
• Trunk groups
• Virtual routing interfaces
Types of IP ACLs
You can configure the following types of IP ACLs:
• Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are
  1 – 99 or a character string.
• Extended – Permits or denies packets based on source and destination IP address and also
  based on IP protocol information. Valid extended ACL IDs are a number from 100 – 199 or a
  character string.
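As an added illustration (not part of the Configuration Guide), the following Python script audits a saved configuration against the rules stated above: ACLs can be bound inbound only, standard ACLs match on source address only, and numeric IDs must fall in 1-99 (standard) or 100-199 (extended). The `access-list`, `ip access-list` and `ip access-group` line shapes, the protocol keyword set, and the sample configuration are assumptions constructed for this example.

```python
import re
# Constructed sample config. The "access-list", "ip access-list" and "ip access-group"
# line shapes are assumed Brocade-style syntax; they are not shown on this page.
SAMPLE_CONFIG = """\
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 20 permit tcp any any
access-list 120 deny tcp any host 10.1.1.5 eq 23
access-list 250 permit ip any any
ip access-list extended blockTelnet
interface ethernet 1
 ip access-group 10 in
interface ethernet 2
 ip access-group 120 out
interface ethernet 3
 ip access-group 77 in
interface ethernet 4
 ip access-group blockTelnet in
"""
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}  # assumed keywords that start an extended match

def numbered_type(acl_id):
    """1-99 is standard, 100-199 is extended; any other number is not a valid ID."""
    n = int(acl_id)
    return "standard" if 1 <= n <= 99 else "extended" if 100 <= n <= 199 else None

def audit(config):
    """Return (line_number, message) findings for lines that contradict the chapter's rules."""
    defined, findings = {}, []
    lines = [line.strip() for line in config.splitlines()]
    for no, line in enumerate(lines, 1):  # pass 1: ACL definitions
        if m := re.match(r"access-list (\d+) (?:permit|deny) (\S+)", line):
            acl_id, first = m.groups()
            defined[acl_id] = kind = numbered_type(acl_id)
            if kind is None:
                findings.append((no, f"ACL ID {acl_id} is outside 1-99 and 100-199"))
            elif kind == "standard" and first in PROTOCOLS:
                findings.append((no, f"standard ACL {acl_id} matches on protocol {first}"))
        elif m := re.match(r"ip access-list (standard|extended) (\S+)", line):
            defined[m.group(2)] = m.group(1)  # named ACL: the ID is a character string
    for no, line in enumerate(lines, 1):  # pass 2: interface bindings
        if m := re.match(r"ip access-group (\S+) (in|out)$", line):
            if m.group(2) == "out":
                findings.append((no, f"ACL {m.group(1)} bound outbound; inbound only is supported"))
            if m.group(1) not in defined:
                findings.append((no, f"ACL {m.group(1)} is bound but never defined"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"line {no}: {msg}" for no, msg in audit(SAMPLE_CONFIG)))
```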
ACL IDs and entries
ACLs consist of ACL IDs and ACL entries: