Configuring Switch Information
www.dell.com | support.dell.com
• Wild Card Masks
• Match DSCP
• Match IP-Precedence
• Source MAC Address
• Destination MAC Address
• VLAN ID
For example, a network administrator may define an ACL rule that states that port
number 20 can receive TCP packets; however, if a UDP packet is received, the packet is
dropped.
A single ACL can contain more than one ACE. The ACEs within an ACL are applied in a
first-fit manner. The ACEs are processed sequentially, starting with the first ACE. When a
packet is matched to an ACE classification, the ACE action is taken, and the ACL
processing stops. If a match is not found, the packet is dropped as a default action. If several
ACLs are to be processed, the default action is applied only after processing all the ACLs.
The default drop action forwards all permitted traffic, including management traffic such
as Telnet, HTTP, or SNMP, to the switch.
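The first-fit processing described above can be modeled in a few lines. The following Python sketch is an added example, not code from the manual or the switch firmware. The names `ACE`, `evaluate`, `wildcard_match` and `pkt`, the addresses, and the convention that a wildcard bit of 0 means "significant" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr, base, wildcard):
    """Compare only the bits the wildcard mask leaves significant (mask bit 0)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class ACE:
    action: str                            # "permit" or "deny"
    protocol: Optional[str] = None         # None matches any protocol
    src: str = "0.0.0.0"
    src_wildcard: str = "255.255.255.255"  # every bit ignored: any source
    dst_port: Optional[int] = None         # None matches any port

    def matches(self, pkt):
        return ((self.protocol is None or self.protocol == pkt["protocol"])
                and wildcard_match(pkt["src"], self.src, self.src_wildcard)
                and (self.dst_port is None or self.dst_port == pkt["dst_port"]))

def evaluate(acls, pkt):
    """First fit: the first matching ACE decides and processing stops.
    The default drop applies only after every ACL has been searched."""
    for i, acl in enumerate(acls):
        for j, ace in enumerate(acl):
            if ace.matches(pkt):
                return ace.action, f"ACL {i} ACE {j}"
    return "deny", "default drop"

# Constructed rule sets and packets (illustrative values, not from the manual).
USER_ACL = [ACE("deny", "tcp", "10.0.5.0", "0.0.0.255", 23),    # Telnet from 10.0.5.x
            ACE("permit", "tcp")]                                # all other TCP
MGMT_ACL = [ACE("permit", "udp", "10.0.9.10", "0.0.0.0", 161)]  # SNMP, one station
SHADOWED = [ACE("permit", "tcp"),                                # broad rule first...
            ACE("deny", "tcp", "10.0.5.0", "0.0.0.255", 23)]     # ...so this never fires

def pkt(protocol, src, dst_port):
    return {"protocol": protocol, "src": src, "dst_port": dst_port}

if __name__ == "__main__":
    acls = [USER_ACL, MGMT_ACL]
    for p in (pkt("tcp", "10.0.5.7", 23), pkt("tcp", "10.0.5.7", 80),
              pkt("udp", "10.0.9.10", 161), pkt("udp", "10.0.9.11", 161)):
        print(p, "->", evaluate(acls, p))
    print("shadowed:", evaluate([SHADOWED], pkt("tcp", "10.0.5.7", 23)))
```

The `SHADOWED` list shows why ACE order matters when reviewing a rule set: a broad permit placed first matches before the narrower deny is ever reached.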
Network managers can define two types of ACLs:
• IP ACL—Applies only to IP packets. All classification fields are related to IP packets.
• MAC ACL—Applies to any packet, including non-IP. Classification fields are based on
L2 fields only.
Packets entering an ingress port with an active ACL are:
• Forwarded.
• Discarded and a trap is sent.
• Discarded, a trap is sent, and the ingress port is disabled.
PowerConnect 3324/3348 supports up to 128 ACLs. PowerConnect 3324/3348 supports up
to 248 ACEs per FE port and up to 120 ACEs per GE port.