Installation guide

General Security Measures
Binding a Port to an Access Control List
After configuring the Access Control Lists (ACL), you can bind the ports that need to
filter traffic to the appropriate ACLs. You can assign one IP access list to any port.
Command Usage
Each ACL can have up to 32 rules.
This switch supports ACLs for ingress filtering only.
Command Attributes
Port – Fixed port or SFP module. (Range: 1-28)
IP – Specifies the IP ACL to bind to a port.
MAC – Specifies the MAC ACL to bind to a port.
IN – ACL for ingress packets.
Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want
to bind to an ACL for ingress or egress traffic, select the required ACL from the
drop-down list, then click Apply.
Figure 3-68 Configuring ACL Port Binding
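
The binding constraints listed above (ports 1-28, ingress only, one IP ACL per port) can be checked against a planned CLI session before it is pasted into the switch. The following is an added example, not part of the original guide or the switch vendor's software; the function name, the `required_ports` parameter, the sample session and the ACL name `guest` are assumptions, and the interface number is read as unit/port.

```python
import re

PORT_MIN, PORT_MAX = 1, 28  # port range stated in the guide
PROMPT_RE = re.compile(r"^Console\([^)]*\)#\s*")
IFACE_RE = re.compile(r"interface ethernet (\d+)/(\d+)$")
BIND_RE = re.compile(r"ip access-group (\S+) (\S+)$")

# Constructed sample session (not from the guide).
SAMPLE = """\
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group david in
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#ip access-group david in
Console(config-if)#ip access-group guest in
Console(config-if)#exit
Console(config)#interface ethernet 1/30
Console(config-if)#ip access-group david out
"""

def audit_bindings(session, required_ports=()):
    """Return (bindings, findings) for the IP ACL bindings in a CLI session."""
    bindings, findings, port = {}, [], None
    for raw in session.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        m = IFACE_RE.match(line)
        if m:
            port = int(m.group(2))  # second number is the port
            if not PORT_MIN <= port <= PORT_MAX:
                findings.append(f"port {port}: outside range {PORT_MIN}-{PORT_MAX}")
            continue
        if line == "exit":
            port = None  # left interface context
        m = BIND_RE.match(line)
        if not m:
            continue
        acl, direction = m.groups()
        if port is None:
            findings.append(f"{acl}: bound outside an interface context")
        elif direction != "in":
            findings.append(f"port {port}: direction '{direction}' rejected (ingress only)")
        elif port in bindings and bindings[port] != acl:
            findings.append(f"port {port}: {acl} conflicts with {bindings[port]} (one IP ACL per port)")
        else:
            bindings[port] = acl
    for p in required_ports:  # ports that policy says must be filtered
        if p not in bindings:
            findings.append(f"port {p}: no IP ACL bound")
    return bindings, findings
```

Calling `audit_bindings(SAMPLE, required_ports=(1, 3, 5))` reports the out-of-range port, the unsupported direction, the second IP ACL on port 3, and port 5 left without a binding.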
CLI – This example assigns an IP access list to port 1, and an IP access list to
port 3.
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group david in
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#ip access-group david in
Console(config-if)#

DHCP Snooping
The addresses assigned to DHCP clients on unsecure ports can be carefully
controlled using the dynamic bindings registered with DHCP Snooping (or using the
static bindings configured with IP Source Guard). DHCP snooping allows a switch to
protect a network from rogue DHCP servers or other devices which send
port-related information to a DHCP server. This information can be useful in tracking
an IP address back to a physical port.