3com 2948-SFP Plus User Guide

CHAPTER 4: MANAGING DEVICE SECURITY

Defining Access Control Lists
Access Control Lists (ACLs) allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port with an active ACL are either admitted or denied entry. If they are denied entry, the port can be disabled.
For example, an ACL rule can state that port number 20 can receive TCP packets; if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACEs), which are made of the filters that determine traffic classifications.
The following are examples of filters that can be defined as ACEs:
  Source Port IP Address and Wildcard Mask — Filters the packets by the source port IP address and wildcard mask.
  Destination Port IP Address and Wildcard Mask — Filters the packets by the destination port IP address and wildcard mask.
  ACE Priority — Filters the packets by the ACE priority.
  Protocol — Filters the packets by the IP protocol.
  DSCP — Filters the packets by the DiffServ Code Point (DSCP) value.
  IP Precedence — Filters the packets by the IP Precedence.
  Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped.
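
The following Python model is an added example, not taken from the 3Com guide or the switch firmware. It shows how the ACE filters listed above combine to classify a packet on an ingress port. It assumes that wildcard-mask bits set to 1 are ignored, that the ACE with the lowest priority number is checked first, that the first match wins, and that unmatched packets are dropped; all addresses and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    # Assumed wildcard semantics: 1 bits are ignored, 0 bits must match.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class ACE:
    priority: int
    action: str                             # "forward" or "drop"
    protocol: Optional[int] = None          # IP protocol number; None = any
    src: str = "0.0.0.0"
    src_wildcard: str = "255.255.255.255"   # default matches any source
    dst: str = "0.0.0.0"
    dst_wildcard: str = "255.255.255.255"   # default matches any destination
    dscp: Optional[int] = None              # upper 6 bits of the ToS byte
    precedence: Optional[int] = None        # upper 3 bits of the ToS byte

    def matches(self, pkt: dict) -> bool:
        return ((self.protocol is None or pkt["protocol"] == self.protocol)
                and (self.dscp is None or pkt["tos"] >> 2 == self.dscp)
                and (self.precedence is None or pkt["tos"] >> 5 == self.precedence)
                and wildcard_match(pkt["src"], self.src, self.src_wildcard)
                and wildcard_match(pkt["dst"], self.dst, self.dst_wildcard))

def evaluate(acl, pkt, default="drop"):
    # Assumptions: lowest priority number is checked first, first match wins,
    # and a packet that matches no ACE gets the default action.
    for ace in sorted(acl, key=lambda e: e.priority):
        if ace.matches(pkt):
            return ace.action, ace.priority
    return default, None

def packet(protocol, src, tos=0, dst="192.0.2.10"):
    # Constructed sample packet; only the fields the filters inspect.
    return {"protocol": protocol, "src": src, "dst": dst, "tos": tos}

# Constructed ACL for ingress port 20, following the TCP/UDP example above.
PORT20_ACL = [
    ACE(priority=2, action="drop", protocol=17),            # any UDP
    ACE(priority=1, action="forward", protocol=6,
        src="10.1.1.0", src_wildcard="0.0.0.255"),          # TCP from 10.1.1.x
    ACE(priority=3, action="forward", dscp=46),             # anything marked DSCP 46
]
```

Because ACEs are evaluated in priority order, a UDP packet marked DSCP 46 is dropped by the priority 2 entry before the priority 3 entry is reached.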
 
This section includes the following topics:
  Viewing MAC Based ACLs 
  Configuring MAC Based ACLs 
  Removing MAC Based ACLs 
  Viewing IP Based ACLs 
  Defining IP Based ACLs 
  Modifying IP Based ACLs 
  Removing IP Based ACLs 
  Viewing ACL Binding 
  Configuring ACL Binding 
  Removing ACL Binding