Users Guide

19 Access Control Lists
Dell EMC Networking N-Series Switches
This chapter describes how to configure Access Control Lists (ACLs),
including IPv4, IPv6, and MAC ACLs. This chapter also describes how to
configure time ranges that can be applied to any of the ACL types.
The topics covered in this chapter include:
ACL Overview
ACL Configuration Details
Policy-Based Routing
Configuring ACLs (Web)
Configuring ACLs (CLI)
ACL Configuration Examples

Dynamic ACLs are covered in the Authentication, Authorization, and
Accounting section of this manual.
ACL Overview
Access Control Lists (ACLs) are collections of rules that provide security by
blocking selected packets from ingressing the switch. ACLs are implemented
in hardware and processed at line rate for the front-panel ports. A
reduced-functionality set of ACLs is implemented in firmware for the OOB port.
ACLs can also provide ingress traffic rate limiting and decide which types of
traffic are forwarded or blocked. Egress ACLs support traffic shaping. ACLs
support deployment as a firewall router, a router connecting two internal
networks, or a layer-3 router implementing routing policies.
To harden the switch against external threats, it is possible to create an ACL
that limits access to the management interfaces based on the connection
method (for example, Telnet or HTTP) and/or the source IP address.
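The following Python sketch is an added example, not Dell EMC code and not switch CLI. It models a management ACL keyed on connection method and source address, and audits a rule list against the access outcomes an administrator intends before the list is deployed. Assumptions of the model: rules are evaluated in ascending priority with first match winning, a connection that matches no rule is denied, and all rule fields, names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:              # hypothetical rule shape, not the switch's own format
    priority: int        # lower value is evaluated first (model assumption)
    action: str          # "permit" or "deny"
    source: str          # source network in CIDR notation
    service: str         # "telnet", "ssh", "http", "https" or "any"

def evaluate(rules, src_ip, service):
    """Return the action of the first matching rule; deny if none matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        net = ipaddress.ip_network(rule.source)
        same_family = addr.version == net.version
        if same_family and addr in net and rule.service in ("any", service):
            return rule.action
    return "deny"        # implicit deny (model assumption)

def audit(rules, expectations):
    """Return (src, service, expected, actual) for every unmet expectation."""
    failures = []
    for src, service, expected in expectations:
        actual = evaluate(rules, src, service)
        if actual != expected:
            failures.append((src, service, expected, actual))
    return failures

# Constructed intent: encrypted management from the admin subnet only.
EXPECTED = [
    ("192.0.2.10", "ssh", "permit"),
    ("192.0.2.10", "telnet", "deny"),
    ("198.51.100.7", "ssh", "deny"),
    ("198.51.100.7", "https", "deny"),
    ("192.0.2.10", "http", "deny"),
]
# Constructed rule list that meets the intent.
MGMT_ACL = [
    Rule(1, "permit", "192.0.2.0/24", "ssh"),
    Rule(2, "permit", "192.0.2.0/24", "https"),
]
# Constructed weak list: the broad permit shadows the later Telnet deny.
WEAK_ACL = [
    Rule(1, "permit", "192.0.2.0/24", "any"),
    Rule(2, "deny", "0.0.0.0/0", "telnet"),
]

if __name__ == "__main__":
    print("MGMT_ACL failures:", audit(MGMT_ACL, EXPECTED))
    print("WEAK_ACL failures:", audit(WEAK_ACL, EXPECTED))
```

The weak list shows the common ordering mistake: a service-agnostic permit placed ahead of a deny leaves Telnet and HTTP reachable from the admin subnet even though a deny rule exists.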
The Dell EMC Networking N-Series switches support ACL configuration in
both the ingress and egress direction. Egress ACLs provide the capability to
implement security rules on the egress flows (traffic leaving a port) rather
than the ingress flows (traffic entering a port). Ingress and egress ACLs can be
applied to any physical port, port-channel (LAG), or VLAN routing port.