Configuring Switch Information 277
Defining IP based ACLsAccess Control Lists (ACL), which are comprised of Access Control Entries (ACE), allow network
managers to define classification actions and rules for specific ingress ports. Packets entering an ingress
port, with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are
denied entry, the user can disable the port.
For example, a network administrator defines an ACL rule that states, port number 20 can receive
TCPpackets, however, if a UDP packet is received, the packet is dropped.
ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic
classifications. Each ACE is a rule, and there are 256 rules available. But rules are not only used for user
configuration purposes, they are also used for features like DHCP Snooping, Protocol Group VLAN and
PVE, so not all 256 will be available for ACEs. It is expected that you will have at least 124 rules available.
If you find that there are less rules available, this may be due to DHCP Snooping. You can redue the
number of entries in DHCP Snooping configuration in order to free rules for ACE’s.
To define IP based ACLs, click Switch→ Network Security→ IP Based ACL. I
Figure 7-9. Network Security - IP Based ACL