Handbook
Using ACL Groups
Access Control Lists (ACLs) allow you to classify packets according to particular content in the packet
header, such as the source address, destination address, source port number, destination port number,
and others. Packet classifiers identify flows for further processing.
You can define a traffic profile by compiling a number of ACLs into an ACL Group, and assigning the ACL
Group to a port.
ACL Groups are assigned and enabled on a per-port basis. Each ACL can be used by itself or in
combination with other ACLs or ACL Groups on a given switch port.
ACLs can be grouped in the following manner:
Access Control Lists
The switch supports up to 384 ACLs. Each ACL defines one filter rule. Each filter rule is a collection of
matching criteria, and can include an action (permit or deny the packet). For example:
    ACL 200:
        VLAN = 1
        SIP = 10.10.10.1 (255.255.255.0)
        Action = permit
Access Control Groups
An Access Control Group (ACL Group) is a collection of ACLs. For example:
    ACL Group 1
        ACL 382:
            VLAN = 1
            SIP = 10.10.10.1 (255.255.255.0)
            Action = permit
        ACL 383:
            VLAN = 2
            SIP = 10.10.10.2 (255.255.255.0)
            Action = deny
        ACL 384:
            PRI = 7
            DIP = 10.10.10.3 (255.255.0.0)
            Action = permit
In the example above, each ACL defines a filter rule. ACL 383 has a higher precedence than ACL
382, based on its number.
Use ACL Groups to create a traffic profile by gathering ACLs into an ACL Group, and assigning the
ACL Group to a port. The switch supports up to 384 ACL Groups.
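The following Python sketch is an added example, not taken from the handbook or the switch firmware. It evaluates constructed packets against ACL Group 1 to show how precedence decides the action when a packet matches more than one ACL. It assumes that a higher ACL number always means higher precedence (the handbook states this only for ACL 383 over ACL 382), that the highest-precedence matching ACL decides the action, that omitted criteria are wildcards, and that the mask is applied bitwise; the no-match result is returned as None because this section does not state a default action.

```python
import ipaddress

# ACL Group 1 as listed in the handbook example. Criteria left out of an ACL
# are treated as wildcards (assumption).
ACL_GROUP_1 = {
    382: {"vlan": 1, "sip": ("10.10.10.1", "255.255.255.0"), "action": "permit"},
    383: {"vlan": 2, "sip": ("10.10.10.2", "255.255.255.0"), "action": "deny"},
    384: {"pri": 7, "dip": ("10.10.10.3", "255.255.0.0"), "action": "permit"},
}

def masked_equal(addr, rule_addr, mask):
    """Compare two IPv4 addresses on the bits selected by the mask."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(addr)) & m) == (int(ipaddress.IPv4Address(rule_addr)) & m)

def acl_matches(acl, pkt):
    """True when every criterion present in the ACL matches the packet."""
    for field in ("vlan", "pri"):
        if field in acl and pkt.get(field) != acl[field]:
            return False
    for field in ("sip", "dip"):
        if field in acl and not masked_equal(pkt[field], *acl[field]):
            return False
    return True

def matching_acls(group, pkt):
    """ACL numbers that match, highest precedence (highest number) first."""
    return sorted((n for n, acl in group.items() if acl_matches(acl, pkt)), reverse=True)

def evaluate(group, pkt):
    """Return (acl_number, action) of the winning ACL, or None if nothing matches."""
    hits = matching_acls(group, pkt)
    return (hits[0], group[hits[0]]["action"]) if hits else None

if __name__ == "__main__":
    # Constructed packets, not from the handbook.
    packets = [
        {"vlan": 1, "pri": 0, "sip": "10.10.10.77", "dip": "192.168.1.5"},
        {"vlan": 2, "pri": 0, "sip": "10.10.10.9", "dip": "192.168.1.5"},
        {"vlan": 2, "pri": 7, "sip": "10.10.10.9", "dip": "10.10.200.1"},  # hits 383 and 384
        {"vlan": 3, "pri": 0, "sip": "172.16.0.1", "dip": "192.168.1.5"},
    ]
    for pkt in packets:
        print(pkt, "->", matching_acls(ACL_GROUP_1, pkt), evaluate(ACL_GROUP_1, pkt))
```

The third packet matches both the deny in ACL 383 and the permit in ACL 384, and under these assumptions the permit wins; listing every matching ACL per packet is a quick way to spot a deny rule that a higher-precedence permit shadows.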
ACL Metering and Re-marking
You can define a profile for the aggregate traffic flowing through the switch, by configuring a QoS meter
(if desired), and assigning ACL Groups to ports. When you add ACL Groups to a port, make sure they are
ordered correctly in terms of precedence.
Actions taken by an ACL are called In-Profile actions. You can configure additional In-Profile and
Out-of-Profile actions on a port. Data traffic can be metered, and re-marked to ensure that the traffic flow
provides certain levels of service in terms of bandwidth for different types of network traffic.
Metering
QoS metering provides different levels of service to data streams through user-configurable parameters.
A meter is used to measure the traffic stream against a traffic profile, which you create. Thus, creating
meters yields In-Profile and Out-of-Profile traffic for each ACL, as follows:
In-Profile: If there is no meter configured or if the packet conforms to the meter, the packet is classified
as In-Profile.










