BES50 fundamentals
Access Control Lists
Access Control Lists (ACLs) provide packet filtering for IP frames (based on
address, protocol, or TCP/UDP port number) or any frames (based on MAC
address or Ethernet type). ACLs can be used to improve performance by
blocking unnecessary network traffic or to implement security controls by
restricting access to specific network resources or protocols.
An ACL is a sequential list of permit or deny conditions that apply to IP
addresses or other more specific criteria. The switch tests ingress packets
against the conditions in an ACL one by one. A packet is accepted as soon
as it matches a permit rule, or dropped as soon as it matches a deny rule. If
no rules match for a list of all permit rules, the packet is dropped; and if no
rules match for a list of all deny rules, the packet is accepted.
You must configure a mask for an ACL rule before you can bind it to a port
or set the queue or frame priorities associated with the rule. You do this by
specifying masks that control the order in which ACL rules are checked.
The switch includes two system default masks that pass or filter packets
matching the permit and deny rules specified in an ingress ACL. You can
also configure up to seven user-defined masks for an ingress ACL.
The following restrictions apply to ACLs:
• Each frame can process a maximum of 32 ACLs.
• Each ACL can process a maximum of 32 rules.
• Due to resource restrictions, do not exceed 10 rules per port.
The active ACLs are checked in the following order:
1. User-defined rules in the ingress IP ACL for ingress ports.
2. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
3. If no explicit rule is matched, the implicit default is permit all.
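To make the first-match and default-action semantics above concrete, here is a small Python model of an ingress IP ACL. It is an added illustration, not code from this manual or the switch firmware; the Rule fields, evaluate() and check_limits() are hypothetical names, the sample lists are constructed, and the treatment of a mixed permit/deny list with no match is an assumption based on the implicit default listed above.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MAX_RULES_PER_ACL = 32         # limit stated in the manual
RECOMMENDED_RULES_PER_PORT = 10

@dataclass
class Rule:
    """One permit/deny condition of an ingress IP ACL (hypothetical model)."""
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # source network; 0.0.0.0/0 means "any"
    proto: Optional[str] = None  # "tcp", "udp" or None for any protocol
    dport: Optional[int] = None  # TCP/UDP destination port, None for any

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        return self.dport is None or pkt.get("dport") == self.dport

def evaluate(rules: List[Rule], pkt: dict) -> str:
    """First matching rule decides; an unmatched packet falls to the list default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    actions = {r.action for r in rules}
    if actions == {"permit"}:
        return "deny"     # all-permit list: unmatched traffic is dropped
    if actions == {"deny"}:
        return "permit"   # all-deny list: unmatched traffic is accepted
    return "permit"       # mixed list: assumed to fall through to the implicit permit

def check_limits(rules: List[Rule]) -> List[str]:
    """Flag lists that exceed the documented size limits."""
    issues = []
    if len(rules) > MAX_RULES_PER_ACL:
        issues.append(f"{len(rules)} rules exceeds the {MAX_RULES_PER_ACL}-rule ACL limit")
    if len(rules) > RECOMMENDED_RULES_PER_PORT:
        issues.append(f"{len(rules)} rules on one port exceeds the recommended {RECOMMENDED_RULES_PER_PORT}")
    return issues

# Constructed sample lists: an allowlist of permits and a blocklist of denies.
ALLOWLIST = [Rule("permit", "10.0.0.0/24", "tcp", 22),
             Rule("permit", "10.0.0.0/24", "tcp", 443)]
BLOCKLIST = [Rule("deny", "192.168.1.0/24", "udp", 161)]
```

The same packet that an all-permit list drops (no rule matched) is accepted by an all-deny list, which is why the choice between the two list styles is a security decision, not just a performance one.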
Port configuration
You can manually configure the speed, duplex mode, and flow control used
on specific ports, or you can use autonegotiation to detect the connection
settings used by the attached device. Use the full-duplex mode on ports
whenever possible to double the throughput of switch connections. Also,
enable flow control to control network traffic during periods of congestion
and prevent the loss of packets when port buffer thresholds are exceeded.
The switch supports flow control based on the IEEE 802.3x standard.
SMB
Using the Nortel Business Ethernet Switch 50 Series
NN47924-301
01.01
Standard
1.00
October 2006
Copyright © 2006, Nortel Networks
Nortel Networks Confidential