Access control list configuration example – Intel IXM5414E User Manual

Page 265

Advertising
background image

Intel® Blade Server Ethernet Switch Module IXM5414E

255

Access Control List configuration example

This section provides sample CLI commands showing how to configure the Intel® Blade Server
Ethernet Switch Module IXM5414E to support Access Control Lists (ACLs). ACLs offer one way
of adding Quality of Service support to your network.

You define an ACL to control who can use your network or network resources by allowing or
prohibiting access. The ACL specifies one or more match criteria that will be used to determine
whether a given packet will be admitted to the network. The first match criteria met by a packet
determines whether the packet is admitted. If the packet matches none of the criteria, it will be
dropped.

An ACL consists of up to ten rules, each applied to one or more of the following fields:

Source IP address

Destination IP address

Source Layer-4 port

Destination Layer-4 port

Type of Service byte

Internet Protocol number

The script in the following example restricts access to the network to UDP and TCP traffic from a
defined set of IP source addresses.

Create Access Control List 1.

config acl create 1

Create Rule 1 for ACL 1.

config acl rule create 1 1

Define the content of ACL 1 Rule 1. Packets will be accepted only if they are TCP packets from
the source IP address set defined by the specified IP address and mask.

config acl rule action 1 1 permit

config acl rule match protocol keyword 1 1 tcp

config acl rule match dstip 1 1 192.168.50.0 255.255.255.0

Create Rule 2 for ACL 1.

config acl rule create 1 2

Define the content of ACL 1 Rule 2. Packets will be accepted only if they are UDP packets from
the source IP address set defined by the specified IP address and mask. This is the same source
IP address set defined for TCP traffic.

config acl rule action 1 2 permit

config acl rule match protocol keyword 1 2 udp

config acl rule match dstip 1 2 192.168.50.0 255.255.255.0

Apply ACL 1 to inbound traffic received on external ports 1-4. Packets that do not match the
criteria specified in Rules 1 or 2 will be dropped.

config acl interface add ext.1 inbound 1

Advertising
Popular Brands
Popular manuals