Configuring Switch Information 245
The following is an example of the CLI commands:

Console(config)# interface ethernet g1
Console(config-if)# port security forward trap 100
Console(config-if)# exit
Console(config)# exit
Console# show ports security
Port  status    Action   Trap     Frequency  Counter
----  ------    ------   ----     ---------  -------
g1    Locked    Forward  Enabled  100        0
g2    Unlocked  -        -        -          -
...
g24   Unlocked  -        -        -          -
ch1   Unlocked  -        -        -          -
...
ch7   Unlocked  -        -        -          -

Defining IP based ACLs

Access control lists (ACLs) allow network managers to define classification actions and rules for
specific ingress ports. Your switch supports up to 1,024 ACLs. Packets entering an ingress port that
has an active ACL are either admitted or denied entry. If they are denied entry, the user can also
have the ingress port disabled.
For example, a network administrator defines an ACL rule stating that port number 20 can receive
TCP packets; if a UDP packet is received, the packet is dropped.
ACLs are composed of access control entries (ACEs) that are made of the filters that determine
traffic classifications. The total number of ACEs that can be defined in all ACLs together is 1024.
Use the Add ACE to IP Based ACL page to define IP-based ACEs.
To open the Add ACE to IP Based ACL page, select Switch → Network Security → IP Based ACL.
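The ACL and ACE behavior described in the IP based ACL section, modeled as an added Python example (not code or configuration from the switch documentation). The 1,024 limits and the port 20 TCP/UDP rule come from the text; first-match evaluation, the implicit deny at the end of an ACL, the action names, and the ACL name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MAX_ACLS = 1024        # from the page: up to 1,024 ACLs
MAX_ACES_TOTAL = 1024  # from the page: 1024 ACEs across all ACLs together

@dataclass(frozen=True)
class Ace:
    action: str              # hypothetical names: "permit", "deny", "deny-disable-port"
    protocol: str = "any"    # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"

    def matches(self, pkt):
        return (self.protocol in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst))

@dataclass
class Switch:
    acls: dict = field(default_factory=dict)      # ACL name -> ordered list of ACEs
    bindings: dict = field(default_factory=dict)  # ingress port -> active ACL name
    disabled: set = field(default_factory=set)    # ports shut by a deny action

    def add_ace(self, acl, ace):
        if acl not in self.acls and len(self.acls) >= MAX_ACLS:
            raise ValueError("ACL limit reached")
        if sum(len(a) for a in self.acls.values()) >= MAX_ACES_TOTAL:
            raise ValueError("ACE limit reached")
        self.acls.setdefault(acl, []).append(ace)

    def ingress(self, port, pkt):
        if port in self.disabled:
            return "port-disabled"
        if port not in self.bindings:
            return "admitted"                        # no active ACL on this port
        for ace in self.acls[self.bindings[port]]:   # assumption: first match wins
            if ace.matches(pkt):
                if ace.action == "deny-disable-port":
                    self.disabled.add(port)
                return "admitted" if ace.action == "permit" else "denied"
        return "denied"                              # assumption: implicit deny

def demo():
    """The page's example: port 20 accepts TCP and drops UDP."""
    sw = Switch()
    sw.add_ace("port20-tcp-only", Ace("permit", "tcp"))
    sw.add_ace("port20-tcp-only", Ace("deny", "udp"))
    sw.bindings[20] = "port20-tcp-only"
    pkt = {"src": "192.0.2.10", "dst": "192.0.2.20"}  # constructed sample addresses
    return [sw.ingress(20, {**pkt, "proto": p}) for p in ("tcp", "udp")]
```

Because the ACE budget is shared across all ACLs, a model like this is useful for checking that a planned rule set fits before it is entered on the switch.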