18 Layer 2 access control list management

You should configure the ACL on the device before you assign the ACL to an interface. You can create multiple ACLs and save them to the device configuration. However, the ACL does not filter traffic until you assign it to an interface. You can assign an ACL on a physical port, Virtual LAN (VLAN), or Link Aggregation Group (LAG).

For IronWare OS products, you can create a standard ACL. For Fabric OS devices, you can create two types of ACLs:

Standard ACL — Use to permit and deny traffic based on the source MAC address of incoming frames. You should use standard ACLs when you only need to filter traffic based on the source address.

Extended ACL — Use to permit and deny traffic based on the source and destination MAC addresses and EtherType of incoming frames.
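The difference between the two ACL types, shown as an added example that is not taken from the Brocade manual: a frame-level evaluator in which a standard rule can only match the source MAC, while an extended rule can also match the destination MAC and EtherType. The rule format, first-match evaluation, the default action, and the MAC addresses are assumptions of this sketch, not device syntax or documented device behavior.

```python
import struct

HOST_A = "00:00:5e:00:53:0a"   # constructed MACs (documentation range)
HOST_B = "00:00:5e:00:53:0b"
BCAST = "ff:ff:ff:ff:ff:ff"
ARP, IPV4 = 0x0806, 0x0800

def build(dst, src, ethertype, vlan=None):
    """Build a constructed Ethernet frame, optionally 802.1Q-tagged."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return raw(dst) + raw(src) + tag + struct.pack("!H", ethertype) + b"\x00" * 46

def parse_frame(frame):
    """Extract the Layer 2 fields an ACL can match on from a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:  # 802.1Q: the real EtherType follows the 4-byte tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"dst": fmt(frame[0:6]), "src": fmt(frame[6:12]), "ethertype": ethertype}

def evaluate(acl, frame, default="deny"):
    """Return the action of the first rule whose specified fields all match.
    First-match order and the default action are assumptions of this sketch."""
    fields = parse_frame(frame)
    for rule in acl:
        if all(rule.get(k) in (None, fields[k]) for k in ("src", "dst", "ethertype")):
            return rule["action"]
    return default

# Standard ACL: source MAC only. Extended ACL: source, destination, EtherType.
STANDARD = [{"action": "deny", "src": HOST_A}, {"action": "permit"}]
EXTENDED = [{"action": "deny", "src": HOST_A, "dst": BCAST, "ethertype": ARP},
            {"action": "permit"}]

if __name__ == "__main__":
    frames = (("A->broadcast ARP", build(BCAST, HOST_A, ARP)),
              ("A->B IPv4", build(HOST_B, HOST_A, IPV4)))
    for name, acl in (("standard", STANDARD), ("extended", EXTENDED)):
        for label, frame in frames:
            print(name, label, evaluate(acl, frame))
```

The standard rule drops everything Host A sends, while the extended rule drops only its broadcast ARP frames and still permits its IPv4 traffic to Host B.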

IronWare Layer 2 ACL configuration

This section provides procedures for configuring a standard or extended Layer 2 ACL on a device, assigning the Layer 2 ACL to an interface, and clearing Layer 2 ACL assignments from a device.

Creating a Layer 2 ACL configuration (IronWare)

To create a Layer 2 ACL configuration, complete the following steps.

1. Select a device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.

FIGURE 205 Device_Name - Layer 2 ACL Configuration dialog box

2. Select New from the Add list.

The Add - Layer 2 ACL Configuration dialog box displays.


Brocade Network Advisor IP User Manual

 

53-1003056-01
