Quick Reference Guide
198 | Access Control
www.dell.com | support.dell.com
Note that the order of the rules is important: rules are evaluated in the order in which they were created, and evaluation stops at the first match, so when a packet matches multiple rules in an ACL, the first rule created in the ACL takes precedence (a later, more specific rule that sits after a broader one is never reached). Also, once you define an ACL for a given port, all traffic not
specifically permitted by the ACL is denied on that port; this implicit deny applies even if the ACL contains only deny rules.
Loopback interface ACL: For IP ACLs, the priority given to an ACL assigned to the loopback interface
affects how many rules are applied to each port and the order in which they are applied, just as if the ACL and its priority setting
had been assigned to each port individually. For details, see Protecting the Management Interface with a Loopback ACL on
page 201.
SFTOS supports two types of filtering: extended MAC ACLs and IP ACLs. The general process for using
them is the same for both types:
1. Create the access list.
2. Apply the access list either globally to all ports or to an individual interface.
Common ACL Commands
MAC ACL Commands
MAC Access Control Lists (ACLs) ensure that only authorized users have access to specific resources and
block any unwarranted attempts to reach network resources.
The following rules apply to MAC ACLs:
• The maximum number of ACLs you can create is 100, regardless of type.
• The system supports only Ethernet II frame types.
• The maximum number of rules per MAC ACL is hardware-dependent.
• On the S50 system, if you configure an IP ACL (see IP ACL Commands on page 200) on an interface,
you cannot configure a MAC ACL on the same interface.
To create a MAC ACL identified by name:
— mac access-list extended name
Force10 (Config)#mac access-list extended ml-1
Define rules for the selected MAC ACL, consisting of classification fields defined for the Layer 2 header of an
Ethernet frame:
— {deny|permit} {srcmac | any} {dstmac | any} [assign-queue queue-id_0-6] [cos 0-7] [ethertypekey] [0x0600-0xFFFF] [redirect unit/slot/port] [vlan {eq 0-4095}]
Figure 13-156. Creating a Rule for a MAC Access List
Note: For syntax details on ACL commands, see the Quality of Service chapter in the SFTOS
Command Reference.
Force10 (Config)#mac access-list extended ml-1
Force10 (Config-mac-access-list)#permit 01:80:c2:00:00:00 any assign-queue 4
Force10 (Config-mac-access-list)#permit any 01:80:c2:00:00:FF assign-queue 3 redirect 1/0/10
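The two properties the guide stresses above, first-match precedence in creation order and the implicit deny of anything not explicitly permitted, are easy to get wrong when an ACL grows. The following is an added example, not SFTOS code and not from the Dell guide: a small Python model of the matching semantics described on this page, loaded with the two rules of the ml-1 ACL from the figure, plus a check that reports rules an earlier rule shadows. The frames, the MAC addresses other than the two IEEE 01:80:c2 addresses from the figure, and the second ACL "ml-bad" are constructed for the example; the switch itself matches in hardware and only the ordering behaviour is modelled here.

```python
"""Model of SFTOS-style MAC ACL evaluation (added example, not SFTOS code).

Semantics reproduced from the guide: rules are tried in the order they were
created, the first match decides, and a frame matching no rule is denied.
"""
from dataclasses import dataclass, field
from typing import Optional

ANY = "any"


@dataclass(frozen=True)
class Frame:
    """Layer 2 header fields a MAC ACL classifies on (constructed input)."""
    src: str
    dst: str
    ethertype: int = 0x0800      # IPv4 unless a test says otherwise
    vlan: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One {deny|permit} line; ANY / None means the field was not specified."""
    action: str
    src: str = ANY
    dst: str = ANY
    ethertype: Optional[int] = None   # 0x0600-0xFFFF per the syntax line
    vlan: Optional[int] = None        # 0-4095
    assign_queue: Optional[int] = None  # queue-id 0-6
    redirect: Optional[str] = None    # "unit/slot/port"

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if self.ethertype is not None and not 0x0600 <= self.ethertype <= 0xFFFF:
            raise ValueError("ethertype outside 0x0600-0xFFFF")
        if self.vlan is not None and not 0 <= self.vlan <= 4095:
            raise ValueError("vlan outside 0-4095")
        if self.assign_queue is not None and not 0 <= self.assign_queue <= 6:
            raise ValueError("assign-queue outside 0-6")

    def matches(self, f: Frame) -> bool:
        # MAC comparison is case-insensitive: the figure writes 00:FF, frames may carry 00:ff.
        return ((self.src == ANY or self.src.lower() == f.src.lower())
                and (self.dst == ANY or self.dst.lower() == f.dst.lower())
                and (self.ethertype is None or self.ethertype == f.ethertype)
                and (self.vlan is None or self.vlan == f.vlan))

    def covers(self, other: "Rule") -> bool:
        """True if every frame `other` could match is already matched by self."""
        return ((self.src == ANY or self.src.lower() == other.src.lower())
                and (self.dst == ANY or self.dst.lower() == other.dst.lower())
                and (self.ethertype is None or self.ethertype == other.ethertype)
                and (self.vlan is None or self.vlan == other.vlan))


@dataclass
class MacAcl:
    name: str
    rules: list = field(default_factory=list)

    def add(self, rule: Rule) -> "MacAcl":
        self.rules.append(rule)          # creation order is evaluation order
        return self

    def evaluate(self, f: Frame):
        """Return (action, index of deciding rule); no match is the implicit deny."""
        for idx, rule in enumerate(self.rules):
            if rule.matches(f):
                return rule.action, idx
        return "deny", None

    def shadowed(self) -> list:
        """Indices of rules that can never fire because an earlier rule covers them."""
        return [j for j, later in enumerate(self.rules)
                if any(earlier.covers(later) for earlier in self.rules[:j])]


def build_ml1() -> MacAcl:
    """The ACL ml-1 exactly as entered in the figure above."""
    return (MacAcl("ml-1")
            .add(Rule("permit", src="01:80:c2:00:00:00", assign_queue=4))
            .add(Rule("permit", dst="01:80:c2:00:00:FF", assign_queue=3, redirect="1/0/10")))


def build_misordered() -> MacAcl:
    """Hypothetical ACL: a blanket deny entered first shadows the permit after it."""
    return (MacAcl("ml-bad")
            .add(Rule("deny"))
            .add(Rule("permit", src="00:11:22:33:44:55")))


if __name__ == "__main__":
    acl = build_ml1()
    # Constructed frames: a BPDU from the STP group address, a frame to 01:80:c2:00:00:FF, ordinary unicast.
    for f in (Frame("01:80:c2:00:00:00", "ff:ff:ff:ff:ff:ff", 0x88CC),
              Frame("00:11:22:33:44:55", "01:80:c2:00:00:ff"),
              Frame("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee")):
        print(acl.name, f.src, "->", f.dst, acl.evaluate(f))
    print("shadowed rules in", build_misordered().name, build_misordered().shadowed())
```

The third frame shows the implicit deny: ml-1 has no rule for ordinary unicast, so the result is ("deny", None) even though the ACL contains no deny line. The shadowed() check reports index 1 for ml-bad, the case the note on ordering warns about: the permit was entered after `deny any any` and can never take effect, so the fix is to enter the permit first.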