Access Control Lists
3-67
3
CLI
– This example displays the 802.1X statistics for port 4.
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address,
protocol, Layer 4 protocol port number or TCP control code) or any frames (based
on MAC address or Ethernet type). To filter incoming packets, first create an access
list, add the required rules, and then bind the list to a specific port.
Configuring Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP addresses,
MAC addresses, or other more specific criteria. This switch tests ingress or egress
packets against the conditions in an ACL one by one. A packet will be accepted as
soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no
rules match for a list of all permit rules, the packet is dropped; and if no rules match
for a list of all deny rules, the packet is accepted.
Command Usage
The following restrictions apply to ACLs:
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 32.
• The maximum number of rules that can be bound to the ports is 96 for each of the
following list types: MAC ACLs, IP ACLs (including Standard and Extended ACLs).
• When an ACL is bound to an interface as an egress filter, all entries in the ACL
must be deny rules. Otherwise, the bind operation will fail.
• The switch does not support the explicit “deny any any” rule for the egress IP ACL.
If these rules are included in ACL, and you attempt to bind the ACL to an interface
for egress checking, the bind operation will fail.
The order in which active ACLs are checked is as follows:
1.
User-defined rules in the Egress IP ACL for egress ports.
2.
User-defined rules in the Ingress IP ACL for ingress ports.
Console#show dot1x statistics interface ethernet 1/4
4-86
Eth 1/4
Rx: EAPOL EAPOL EAPOL EAPOL EAP EAP EAP
Start Logoff Invalid Total Resp/Id Resp/Oth LenError
2 0 0 1007 672 0 0
Last Last
EAPOLVer EAPOLSrc
1 00-12-CF-94-34-DE
Tx: EAPOL EAP EAP
Total Req/Id Req/Oth
2017 1005 0
Console#
Содержание TL-SG5426 -
Страница 1: ...TL SG5426 26 Port Gigabit Managed Switch Rev 1 0 0 1910010105...
Страница 17: ...Contents xiv...
Страница 21: ...Tables xviii...
Страница 25: ...Figures xxii...
Страница 42: ...Initial Configuration 2 10 2...
Страница 107: ...Configuring the Switch 3 64 3 Figure 3 41 802 1X Port Configuration...
Страница 486: ...Software Specifications A 4 A...