Access Control Lists | IBM Partner Pavilion BMD00082 specs

SmartConnect User’s Guide

Access Control Lists

Access Control Lists (ACLs) are used for limiting or permitting network traffic based on a variety of port, network, and traffic characteristics.

Use the ACL Configuration Table window to search for existing ACLs to view or edit, or to launch the window for configuring a new ACL.

Once ACLs or ACL sets are defined, see “Virtual Switch Groups ACL QoS” on page 100 for assigning them to VSGs.

Also see “Access Control List Sets” on page 111 for information on grouping ACLs together for quicker application.

ACL Configuration Table

Use this screen to search for and select existing ACLs to view or edit, or to launch the window for configuring a new ACL.

Searching for an Existing ACL

1.To search for existing ACLs, enter optional search parameters:

Set ID

Switch Egress Port

Source MAC address

Destination MAC address

VLAN ID

Protocol type

Source IP address

Destination IP address

TCP/UDP source port

TCP/UDP destination port

Filter action

Statistics

Fields that have a value of “any” are ignored during the search.

106 Chapter 9: Switch Policies

BMD00082, February 2009

Image 108

IBM Partner Pavilion BMD00082 manual Access Control Lists, ACL Configuration Table, Searching for an Existing ACL

Contents

User’s Guide SmartConnect User’s Guide Contents Switch Virtualization Part 2 BBI Reference Boot Management Switch Statistics SmartConnect User’s Guide Preface Who Should Use This User’s Guide Part 1 Basic Concepts and Configuration What You’ll Find in This User’s GuidePart 2 BBI Reference How to Get Help Typographic ConventionsTypographic Conventions 10 „ Preface Part 1 Basic Concepts & Configuration 12 „ Part 1 Basic Concepts & Configuration VSE SmartConnect Software Operation VSE SmartConnect Software Overview 14 „ VSE SmartConnect Software Operation Configuring the Chassis Management System Configuring the Upstream Networking DeviceConfiguring the Chassis Processor Blades VSE SmartConnect Software Quick Start 16 „ VSE SmartConnect Software Operation Web Browser Set Up Getting Started with the Browser- Based InterfaceRequirements ASmartConnect Login Prompt Starting the BBI Bbbi Startup Screen Transferring the New Image to the Switch Updating the Software ImageLoading the New Software Image CBoot Management Window shown with Stacking enabled Uploading a Software Image from the Switch Selecting a Software Image to Run Selecting a Configuration Block Active, backup, or factory Resetting the Switch Switch Virtualization Virtual Switch Groups Port GroupsVirtual Machine Groups Link Aggregation Port Access VLANsNetwork Segmentation Port-Based Vlan Tagging Defined VLANs Trunking External Trunks ATrunking External Ports Trunking Rules Built-In Fault Tolerance Switch FailoverStatistical Load Distribution Link Aggregation Control Protocol Setting the Number of Links to Trigger Failover Configuring Switch Failover Internal Trunks CTrunking Internal Ports Igmp Snooping Configuring a Backup Server Port ServerMobility General Configuration 1ServerMobility General Configuration Fields Port Configuration Configuration2ServerMobility Port Configuration Fields Dhcp Server Configuration SmartConnect User’s Guide 42 „ Switch Virtualization Stacking Backup Stacking RequirementsStack Membership Master Master and Backup Selection Master and Backup Behavior Configuring a Stack Stack Member Numbers Configuring Each Switch Configure the Stack Trunk ports optional # cfg/stack/mif Additional Master Configuration Locating the Master Switch Internal Management IP InterfaceViewing Stack Connections CStack Switch Configuration Window Binding Members to the Stack Configuring an External IP Address for the Stack DStack IP Interfaces Configuration Window Managing a Stack EPort Status with Stacking Stacking Internal Port Settings Additional Internal Port Settings for StackingStacking Port Numbers Stacking VLANs Stacking Boot Management Stacking Boot Management buttonsUpgrading Stack Software Info/stack/pushstat Command Reference CLI Menus Menu Summary „ Statistics Menu „ Boot Options Menu Viewing, Applying, and Saving Changes Viewing Pending ChangesApplying Pending Changes Saving the Configuration # save Configuring Switch Access Management Module Setup Factory Default vs. MM Assigned IP Addresses Configuring the Default GatewaySwitch IP Addresses, Based on Switch-Module Bay Numbers Configuring Management Module for Switch Access ASwitch Configuration in the Management Module Window Cfg/sys/access/https/access e Using Telnet Connect to the Switch via SSH Using the Browser-Based Interface Access via HttpAccess via Https Https//192.168.70.127 Securing Access to the Switch Setting Allowable Source IP Address Ranges Configuring an IP Address Range for the Management Network Radius Authentication and Authorization Configuring RadiusUser Access Levels User Accounts User Name/Access User-Service-Type Value 3SmartConnect-Proprietary Attributes for Radius TACACS+ Authentication TACACS+ Authentication FeaturesAuthorization Configuring TACACS+ Authentication End User Access Control Considerations for Configuring End User Accounts Configuring End-User Access Control Logging in to an End-User Account Protected Mode CSwitch Protected Mode Configuration Window Secure Shell and Secure Copy Configuring SSH/SCP Features Enabling or Disabling SCP Apply and Save Configuring the SCP Administrator Password Using SSH and SCP Client CommandsTo Log In to the Switch To Download the Switch Configuration Using SCP To Upload the Configuration to the Switch Apply and Save the Configuration SSH and SCP Encryption of Management Messages Generating RSA Host and Server Keys for SSH Access Cfg/sys/sshd/skeygen SSH/SCP Integration with Radius Authentication SSH/SCP Integration with TACACS+ AuthenticationUsing SecurID with SSH SecurID Support Using SecurID with SCP 86 „ Configuring Switch Access Part 2 BBI Reference 88 „ Part 2 BBI Reference Understanding the Browser-Based Interface SmartConnect BBI Screen AMain VSE SmartConnect Software Screen Port Status Area 1Port Status Colors Menu Area Bvse SmartConnect Software Menu Area Configuration Window Configuration Buttons 94 „ Understanding the Browser-Based Interface Virtual Switch Groups Port Groups Virtual Machine Groups Link Aggregation Virtual Switch Groups Membership Switch Management PortsAssigning Ports to VSGs Assigning Virtual Machines to VSGs Virtual Switch Groups Settings Delete Virtual Switch Group SettingsSwitch Failover Reset to Default Link Aggregation Control ProtocolIgmp Snooping Bpdu Policy Virtual Switch Groups ACL QoS Add or remove ACLs or ACL sets for the specified VSG ports Switch Policies Internal Port Settings Internal Port Settings Fields External Port Settings 2External Port Settings Fields Management Port Settings Management Port Settings Fields Port Mirroring Access Control Lists ACL Configuration TableSearching for an Existing ACL Adding a New ACL „ or Access Control List 4ACL Configuration FieldsAdd or Edit ACLs Number, just as with sport above ACL Metering Settings 5ACL Metering Configuration Fields6ACL Remarking Configuration Fields ACL Remark Control Access Control List Sets 7ACL Sets Configuration Fields Quality of Service Ieee 8021p for MAC-Level QoS 8DSCP Configuration Fields DiffServ Code Point QoS 4FB2F3A86E3435548B0BD82DF2B7E949 ServerMobility General Configuration 9ServerMobility General Configuration Fields ServerMobility Port Configuration 10ServerMobility Port Configuration Fields System Settings Management Settings System Log1SNMP Management Fields 2Management Fields General Settings 3General Configuration Fields Local User Administration 4Built-In User Administration FieldsBuilt-In Users User Configuration 5Local User Administration Fields Remote User Administration 6RADIUS Fields TACACS+ 7TACACS+ Fields Time Services Settings General SettingsNTP Settings 8Time Services General Settings Fields ErrDisable System Settings Switch Protected Mode10ErrDisable Configuration Fields Management Network Settings Bootstrap Protocol Settings11Management Network Configuration Fields 12BOOTP Configuration Fields SSH/Telnet Settings Switch SSH SettingsSwitch Telnet Settings 13SSH Configuration Fields Virtual Machine Group Settings 15VM Group Configuration Fields Syslog Settings Stacking Configuration Stack Switch ConfigurationStack Switch Configuration Fields „ Stack Switch Configuration on „ Managing a Stack on Stack IP Interfaces 132 „ System Settings Boot Management General Boot Settings Boot Management buttons Figuration block Boot Schedule 2Boot Schedule Fields 136 „ Boot Management Switch Information Access Control List Information Access Control List Sets Information Bootstrap Protocol Relay Information 2BOOTP Relay Information FieldsARP Cache Information 1ARP Cache Information Fields Forwarding Database Information 3FDB Information Fields Virtual Switch Group Information 4Virtual Switch Group Information Fields Igmp Information Igmp Multicast GroupsIgmp Snooping Multicast Router Ports 5IGMP Multicast Groups information Default Gateways 8Default Gateway informationIP Information IP Interfaces Link Status Information 9Link Status information ServerMobility General Information 10ServerMobility General information ServerMobility Port Information Server Mobility Port information SNMPv3 Information 12SNMPv3 information SNMPv3 information VacmSecurityToGroup Table Syslog Messages SnmpTargetParams Table Port Transceiver Status Trunk Groups InformationTransceiver information Trunk Group information User Access information User InformationVirtual Machine Group Information VM Group information 152 „ Switch Information Switch Statistics Access Control List Statistics1ACL Statistics Address Resolution Protocol Statistics FDB StatisticsLayer 3 Statistics 2FDB Statistics Icmp Statistics 4ICMP Statistics TCP Statistics 5TCP Statistics UDP Statistics 6UDP Statistics Igmp Group Snooping Statistics Summary 7IGMP Snooping Statistics IP Statistics 8IP Statistics MP-Specific Information Dont Fragment flag was set CPU Utilization MP Packet Statistics9CPU Utilization 10MP Packet Statistics Switch Ports Statistics Summary Network Time Protocol StatisticsPort Statistics NTP Statistics Symbols Index TACACS+