Access policies, Overview of access policies, Access control lists – Extreme Networks Summit 300-48 User Manual

Summit 300-48 Switch Software User Guide

107

10

Access Policies

This chapter describes the following topics:

•

Overview of Access Policies on page 107

•

Using Access Control Lists on page 107

Overview of Access Policies

Access policies are a generalized category of features that impact forwarding and route forwarding
decisions. Access policies are used primarily for security and quality of service (QoS) purposes.

The three categories of access policies are:

•

Access control lists

•

Rate limits

Access Control Lists

Access control lists are used to perform packet filtering and forwarding decisions on incoming traffic.
Each packet arriving on an ingress port is compared to the access list in sequential order and is either
forwarded to a specified QoS profile or dropped. These forwarded packets can also be modified by
changing the 802.1p value and/or the DiffServe code point. Using access lists has no impact on switch
performance.

Rate Limits

Rate limits are almost identical to access control lists. Incoming packets that match a rate limit access
control list are allowed as long as they do not exceed a pre-defined rate. Excess packets are either
dropped, or modified by resetting their DiffServ code point.

Using Access Control Lists

Each access control list consists of an access mask that selects which fields of each incoming packet to
examine, and a list of values to compare with the values found in the packet. Access masks can be