The Network Security page contains links to the following topics:
• Network Security Overview
• Configuring Port Security
• Defining IP-Based ACLs
• Defining MAC-Based ACLs
• Binding ACLs
Network Security Overview
Access Control Lists (ACLs) allow network managers to define classification actions and rules for specific ingress ports. ACLs contain multiple classification rules
and actions. Each classification rule and action is an Access Control Element (ACE). ACEs are the filters that determine traffic classifications. Packets are
matched by the following ACEs:
• Protocol
• Destination Port
• Source IP Address
• Destination IP Address
• Wild Card Masks
• Match DSCP
• Match IP-Precedence
• Source MAC Address
• Destination MAC Address
• VLAN ID
For example, a network administrator may define an ACL rule that states that port number 20 can receive TCP packets; however, if a UDP packet is received,
the packet is dropped.
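The Python model below is an added example, not code or CLI syntax from the device documentation. It evaluates ACEs in order with the first match deciding, reproduces the port 20 rule above, and flags ACEs that can never take effect because an earlier ACE already covers them. Assumptions: a set wildcard bit means "ignore this address bit", traffic matching no ACE is dropped, and all class, function and ACL names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

def _ip(s):
    return int(ipaddress.IPv4Address(s))

@dataclass(frozen=True)
class ACE:
    action: str                        # "permit" or "deny"
    protocol: str                      # "tcp", "udp" or "any"
    src: str = "0.0.0.0"
    wildcard: str = "255.255.255.255"  # assumption: 1-bits are ignored

    @property
    def care(self):                    # source address bits that must match
        return ~_ip(self.wildcard) & 0xFFFFFFFF

    def matches(self, protocol, src_ip):
        if self.protocol not in ("any", protocol):
            return False
        return (_ip(src_ip) & self.care) == (_ip(self.src) & self.care)

def evaluate(acl, protocol, src_ip, default="deny"):
    """First fit: the first matching ACE decides. Returns (action, ACE index)."""
    for i, ace in enumerate(acl):
        if ace.matches(protocol, src_ip):
            return ace.action, i
    return default, None               # assumption: unmatched traffic is dropped

def covers(earlier, later):
    """True if every packet `later` matches is already matched by `earlier`."""
    if earlier.protocol not in ("any", later.protocol):
        return False
    if earlier.care & ~later.care & 0xFFFFFFFF:  # earlier checks bits later ignores
        return False
    return (_ip(later.src) & earlier.care) == (_ip(earlier.src) & earlier.care)

def shadowed(acl):
    """Indexes of ACEs that can never decide a packet under first-fit ordering."""
    return [j for j, ace in enumerate(acl) if any(covers(e, ace) for e in acl[:j])]

# Constructed sample ACLs (not from the device documentation).
PORT_20_ACL = [ACE("permit", "tcp"), ACE("deny", "udp")]
MISORDERED = [ACE("permit", "tcp", "10.1.0.0", "0.0.255.255"),
              ACE("deny", "tcp", "10.1.2.0", "0.0.0.255")]
REORDERED = list(reversed(MISORDERED))

if __name__ == "__main__":
    print(evaluate(PORT_20_ACL, "udp", "192.0.2.7"))
    print(evaluate(MISORDERED, "tcp", "10.1.2.9"), shadowed(MISORDERED))
    print(evaluate(REORDERED, "tcp", "10.1.2.9"), shadowed(REORDERED))
```

In MISORDERED the broad permit precedes the narrower deny, so the deny never applies; placing the more specific ACE first restores the intended filtering.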
A single ACL can contain more than one ACE. The ACEs within an ACL are applied in a first-fit manner. The ACEs are processed sequentially, starting with the