Router acls, Router acls” section on, Figure 34-1 – Dell POWEREDGE M1000E User Manual

Page 740

Advertising
background image

34-4

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 34 Configuring Network Security with ACLs

Understanding ACLs

Figure 34-1

Using ACLs to Control Traffic to a Network

When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk
port. When you apply a port ACL to a port with voice VLAN, the ACL filters traffic on both data and
voice VLANs.

With port ACLs, you can filter IP traffic by using IP access lists and non-IP traffic by using MAC
addresses. You can filter both IP and non-IP traffic on the same Layer 2 interface by applying both an
IP access list and a MAC access list to the interface.

Note

You cannot apply more than one IP access list and one MAC access list to a Layer 2 interface. If an IP
access list or MAC access list is already configured on a Layer 2 interface and you apply a new IP access
list or MAC access list to the interface, the new ACL replaces the previously configured one.

Router ACLs

You can apply router ACLs on switch virtual interfaces (SVIs), which are Layer 3 interfaces to VLANs;
on physical Layer 3 interfaces; and on Layer 3 EtherChannel interfaces. You apply router ACLs on
interfaces for specific directions (inbound or outbound). You can apply one router ACL in each direction
on an interface.

One ACL can be used with multiple features for a given interface, and one feature can use multiple
ACLs. When a single router ACL is used by multiple features, it is examined multiple times.

The switch supports these access lists for IPv4 traffic:

Standard IP access lists use source addresses for matching operations.

Extended IP access lists use source and destination addresses and optional protocol type information
for matching operations.

Blade Server

A

Blade Server

B

119651

Research &

Development

network

= ACL denying traffic from

Blade Server

B

and permitting traffic from

Blade Server

A

= Packet

Human

Resources

network

Advertising
Popular Brands
Popular manuals