Security management, Layer 2 access control list management, Fabric os layer 2 acl configuration – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Page 705: Chapter 17, Chapter 17, “security management

Advertising
background image

Brocade Network Advisor SAN User Manual

653

53-1003154-01

Chapter

17

Security Management

In this chapter

Layer 2 access control list management . . . . . . . . . . . . . . . . . . . . . . . . . . . 653

Security configuration deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662

Layer 2 access control list management

A Layer 2 access control list (ACL) enables you to filter traffic based on the information in the IP
packet header using the MAC address and Ethernet type.

NOTE

Layer 2 ACLs can filter traffic for both Fabric OS and IronWare FCoE devices.

An ACL is a unique collection of permit and deny statements (rules) that apply to frames. You can
use ACLs to permit or deny incoming frames from passing through an interface to which you
assigned the ACLs. When the interface receives the frame, the device compares the fields in the
frame against any ACLs assigned to the interface to verify that the frame has the required
permissions to be forwarded. The device compares the frame, sequentially, against each rule in the
assigned ACL. If the frame matches the permit rule, the traffic is forwarded; otherwise, the traffic is
dropped.

You should configure the ACL on the device before you assign the ACL to an interface. You can
create multiple ACLs and save them to the device configuration. However, the ACL does not filter
traffic until you assign it to an interface. You can assign an ACL on a physical port, Virtual LAN
(VLAN), or Link Aggregation Group (LAG).

For Fabric OS devices, you can create two types of ACLs:

Standard ACL — Use to permit and deny traffic based on the source MAC address of incoming
frames. You should use standard ACLs when you only need to filter traffic based on the source
address.

Extended ACL — Use to permit and deny traffic based on the source and destination MAC
addresses and EtherType, of incoming frames.

Fabric OS Layer 2 ACL configuration

This section provides procedures for configuring a standard for extended Layer 2 ACL on a device,
assigning the Layer 2 ACL to an interface, as well as clearing Layer 2 ACL assignments from a
device.

Advertising
Popular Brands
Popular manuals