ES-2000 Series User Manual
Chapter 14 | Security Measures
Access Control Lists
– 175 –
Figure 99: Downloading the Secure-Site Certificate
ACCESS CONTROL LISTS
Access Control Lists (ACLs) provide packet filtering for IPv4 packets (based
on address, protocol, Layer 4 port number or TCP control code) or for any
frame (based on MAC address or Ethernet type). To filter incoming packets,
first create an access list, add the required rules, and then bind the list
to a specific port.
Configuring Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. The switch tests
ingress packets against the rules in an ACL one by one, in order. A packet is
accepted as soon as it matches a permit rule, or dropped as soon as it
matches a deny rule. If no rule matches, the packet is accepted: there is no
implicit deny at the end of the list, so a list that is meant to block all
other traffic must end with an explicit deny rule.
COMMAND USAGE
The following restrictions apply to ACLs:
- The maximum number of ACLs is 64.
- The maximum number of rules per system is 512.
- An ACL can have up to 32 rules. However, due to resource restrictions,
the average number of rules bound to each port should not exceed 20.
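The following is an added example, written for this page and not code from the ES-2000 manual or the switch itself. It models the first-match semantics and the rule limits described above in Python so that the consequence of the "no match means accept" behaviour can be seen: an ACL that lacks a final deny rule lets unmatched traffic through. The `Rule`, `ACL`, packet dictionaries and the sample addresses are constructed for the example; the resource counter assumes one entry per rule, which is a simplification (the switch's TCAM is shared with IP Source Guard, QoS and traps, so real utilization is higher).

```python
"""Model of the ES-2000 ACL evaluation order: first matching rule decides,
no match => packet accepted. Added example, not the switch's own code."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Limits taken from the manual's "Command Usage" notes.
MAX_ACLS = 64
MAX_RULES_PER_ACL = 32
MAX_RULES_PER_SYSTEM = 512
RECOMMENDED_AVG_PER_PORT = 20


@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    src: Optional[str] = None      # IPv4 network, e.g. "10.0.0.0/8"; None = any
    dst: Optional[str] = None
    proto: Optional[str] = None    # "tcp", "udp", "icmp"; None = any
    dport: Optional[int] = None    # Layer 4 destination port; None = any

    def matches(self, pkt: dict) -> bool:
        """Every specified field must match; unspecified fields are wildcards."""
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


@dataclass
class ACL:
    name: str
    rules: list = field(default_factory=list)

    def add(self, rule: Rule) -> "ACL":
        if len(self.rules) >= MAX_RULES_PER_ACL:
            raise ValueError(f"{self.name}: limit of {MAX_RULES_PER_ACL} rules per ACL reached")
        self.rules.append(rule)
        return self

    def evaluate(self, pkt: dict) -> str:
        """Sequential, first match wins. No match => 'permit' (no implicit deny)."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "permit"


def build_example_acls() -> tuple:
    """Two management ACLs that differ only in the presence of a final deny-any rule."""
    without_final_deny = (
        ACL("mgmt-open")
        .add(Rule("permit", src="10.0.0.0/8", proto="tcp", dport=22))   # SSH from inside
        .add(Rule("deny", src="192.0.2.0/24", proto="tcp", dport=23))    # Telnet from one outside block
    )
    with_final_deny = (
        ACL("mgmt-closed")
        .add(Rule("permit", src="10.0.0.0/8", proto="tcp", dport=22))
        .add(Rule("deny", src="192.0.2.0/24", proto="tcp", dport=23))
        .add(Rule("deny"))                                               # explicit catch-all deny
    )
    return without_final_deny, with_final_deny


# Constructed sample packets (not captured traffic).
OUTSIDE_SSH = {"src": "192.0.2.10", "dst": "10.1.1.5", "proto": "tcp", "dport": 22}
INSIDE_SSH = {"src": "10.2.3.4", "dst": "10.1.1.5", "proto": "tcp", "dport": 22}


def utilization(bindings: dict) -> dict:
    """bindings: port name -> ACL bound to that port.
    Assumes one entry per rule; reports figures against the manual's limits."""
    in_use = sum(len(acl.rules) for acl in bindings.values())
    avg = in_use / len(bindings) if bindings else 0.0
    return {
        "rules_in_use": in_use,
        "rules_free": MAX_RULES_PER_SYSTEM - in_use,
        "percent_used": round(100.0 * in_use / MAX_RULES_PER_SYSTEM, 1),
        "avg_per_port": avg,
        "over_recommended_avg": avg > RECOMMENDED_AVG_PER_PORT,
    }


if __name__ == "__main__":
    acl_open, acl_closed = build_example_acls()
    for name, acl in (("open", acl_open), ("closed", acl_closed)):
        print(name, "outside SSH ->", acl.evaluate(OUTSIDE_SSH))
    print(utilization({"port1": acl_closed, "port2": acl_closed, "port3": acl_open}))
```

Running it shows `mgmt-open` permitting SSH from 192.0.2.10 even though nothing in the list grants it, while `mgmt-closed` drops the same packet; on the real switch the equivalent fix is to make the last rule of the list an explicit deny.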
SHOWING TCAM UTILIZATION
Use the Security > ACL (Configure ACL - Show TCAM) page to show
utilization parameters for TCAM (Ternary Content Addressable Memory),
including the number of policy control entries in use, the number of free
entries, and the overall percentage of TCAM in use.
COMMAND USAGE
Policy control entries (PCEs) are used by various system functions that
rely on rule-based searches, including Access Control Lists (ACLs), IP
Source Guard filter rules, Quality of Service (QoS) processing, and traps.