Access control lists – LevelOne FGL-2870 User Manual

Page 178


Configuring the Switch


CLI – This example adds Filter ID 22 and configures it to block traffic from MAC
address 11-22-33-44-55-66.

Access Control Lists

Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on
address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames
(based on address, next header type, or flow label), or any frames (based on MAC
address or Ethernet type). To filter incoming packets, first create an access list, add
the required rules, and then bind the list to a specific port.

Configuring Access Control Lists

An ACL is a sequential list of permit or deny conditions that apply to IP addresses,
MAC addresses, or other more specific criteria. This switch tests ingress packets
against the conditions in an ACL one by one. A packet will be accepted as soon as it
matches a permit rule, or dropped as soon as it matches a deny rule. If no rules
match, the packet is accepted.
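The evaluation order described above can be modelled in a few lines. This is an added example, not code from the manual or the switch firmware: it covers source-address rules only, and the names Rule, evaluate and shadowed_rules and all addresses are hypothetical. It shows that a permit-only list still accepts everything else unless it ends with an explicit deny, and that a rule placed after a broader one never takes effect.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    source: str   # IPv4 source network in CIDR form (constructed sample values)

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {self.action!r}")
        ipaddress.ip_network(self.source)  # raises ValueError on a bad network

    def matches(self, src_ip: str) -> bool:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)


def evaluate(acl, src_ip):
    """First matching rule decides; return (verdict, deciding rule index or None)."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip):
            return ("accept" if rule.action == "permit" else "drop", index)
    return ("accept", None)  # no rule matched: the packet is accepted


def shadowed_rules(acl):
    """Indexes of rules that can never decide a packet because an earlier
    rule already covers their entire source range."""
    nets = [ipaddress.ip_network(r.source) for r in acl]
    return [j for j in range(len(nets))
            if any(nets[j].subnet_of(nets[i]) for i in range(j))]


# Constructed ACLs: only the management subnet 192.0.2.0/24 is meant to pass.
ALLOW_ONLY = [Rule("permit", "192.0.2.0/24")]
ALLOW_THEN_DENY = ALLOW_ONLY + [Rule("deny", "0.0.0.0/0")]
# The host exception is listed after the broader deny, so it never applies.
MISORDERED = [Rule("deny", "192.0.2.0/24"), Rule("permit", "192.0.2.10/32")]

if __name__ == "__main__":
    outsider = "198.51.100.7"  # constructed address outside the permitted subnet
    print(evaluate(ALLOW_ONLY, outsider))       # falls through every rule
    print(evaluate(ALLOW_THEN_DENY, outsider))  # stopped by the final deny
    print(evaluate(MISORDERED, "192.0.2.10"), shadowed_rules(MISORDERED))
```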

Command Usage

The following restrictions apply to ACLs:

• The maximum number of ACLs is 64.
• The maximum number of rules per system is 1024 rules for mixed mode, or 500
rules for extended mode.
• Each ACL can have up to 64 rules. However, due to resource restrictions, the
average number of rules bound to the ports should not exceed 20.

Note: The CLI includes a control function which restricts access lists to only extended
rules, or permits both standard and extended rules. For a detailed description of
this feature, refer to the access-list rule-mode command (page 4-199).

The default setting only permits extended rules, storing any standard rules entered
through the web or command line interface in extended rule format.

Console(config)#network-access mac-filter 22 mac-address 11-22-33-44-55-66    4-161
Console(config)#exit
Console#show network-access mac-filter 22
Filter ID MAC Address       MAC Mask
--------- ----------------- -----------------
       22 11-22-33-44-55-66 FF-FF-FF-FF-FF-FF
Console#
