IBM Partner Pavilion BMD00082 Add or Edit ACLs

SmartConnect User’s Guide

108  Chapter 9: Switch Policies BMD00082, February 2009

Add or Edit ACLs

This configuration window is used for modifying existing ACLs or defining new ACLs. This

window is reached from the ACL Configuration Table window.

Access Control List

Use these fields to configure basic ACL parameters

Table 9-4 ACL Configuration Fields

Field Description

ACL ID Configures the ACL number.

Filter Action Defines the filter action, as follows:

Permit

Deny

none

Ethernet Packet Format Defines the Ethernet format for the ACL.

Tagging Packet Format Defines the tagging format for the ACL.

IP Packet Format

Source MAC Address Defines the source MAC address for this ACL.

Destination MAC address Defines the destination MAC address for this ACL.

Ethernet Type Defines the Ethernet type for this ACL.

VLAN ID Defines a VLAN number and mask for this ACL.

Note: When this field is set, the ACL will match incoming packets only

when they are tagged. Untagged packets will not be matched.

802.1p Priority Defines the 802.1p priority for the ACL.

Note: When this field is set, the ACL will match incoming packets only

when they are tagged. Untagged packets will not be matched.

Type of Service Defines a Type of Service value for the ACL. For more information on

ToS, see RFC 1340 and 1349.

Protocol Defines an IP protocol for the ACL. If defined, traffic from the specified

protocol matches this filter. Specify the protocol number. Some of the

well-known protocols include:

1: ICMP

2: IGMP

6: TCP

17: UDP

89: OSPF

112: VRRP

Contents

Main Page Contents Part 1: Basic Concepts & Configuration 11 Page Part 2: BBI Reference 87 Page Page Page Preface Who Should Use This Users Guide What Youll Find in This Users Guide Part 1: Basic Concepts and Configuration Part 2: BBI Reference Typographic Conventions The following table describes the typographic styles used in this book. How to Get Help Table 1 Typographic Conventions Page Part 1: Basic Concepts & Configuration Page CHAPTER 1 VSE SmartConnect Software Operation VSE SmartConnect Software Overview Page VSE SmartConnect Software Quick Start Configuring the Chassis Management System Configuring the Upstream Networking Device Configuring the Chassis Processor Blades Page CHAPTER 2 Getting Started with the Browser- Based Interface Requirements Web Browser Set Up Starting the BBI Page Updating the Software Image Loading the New Software Image Transferring the New Image to the Switch Page Selecting a Software Image to Run Uploading a Software Image from the Switch Selecting a Configuration Block Page CHAPTER 3 Switch Virtualization Virtual Switch Groups Port Groups Virtual Machine Groups Link Aggregation VLANs Network Segmentation Port Access Port-Based VLAN Tagging Defined VLANs Trunking External Trunks Trunking Rules Statistical Load Distribution Built-In Fault Tolerance Link Aggregation Control Protocol Switch Failover Setting the Number of Links to Trigger Failover Configuring Switch Failover Internal Trunks IGMP Snooping Configuring a Backup Server Port General Configuration Port Configuration DHCP Server Configuration This example was performed with Internet Systems Consortium DHCP Server, version 3.0.4. Page CHAPTER 4 Stacking Stacking Requirements Stack Membership Master Member Backup Master and Backup Selection Master and Backup Behavior Stack Member Numbers Configuring a Stack Configuring Each Switch Page Additional Master Configuration Locating the Master Switch Internal Management IP Interface Viewing Stack Connections Binding Members to the Stack Configuring an External IP Address for the Stack Managing a Stack Stacking Port Numbers Stacking Internal Port Settings Stacking VLANs Stacking Boot Management Upgrading Stack Software Page CHAPTER 5 Command Reference CLI Menus Menu Summary Page Page Viewing, Applying, and Saving Changes Viewing Pending Changes Applying Pending Changes Saving the Configuration CHAPTER 6 Configuring Switch Access Management Module Setup Factory Default vs. MM Assigned IP Addresses Configuring the Default Gateway Configuring Management Module for Switch Access Page Using Telnet Connect to the Switch via SSH Using the Browser-Based Interface Access via HTTP Access via HTTPS Page Securing Access to the Switch Setting Allowable Source IP Address Ranges Configuring an IP Address Range for the Management Network RADIUS Authentication and Authorization Configuring RADIUS User Accounts RADIUS Attributes for VSE SmartConnect Software User Privileges TACACS+ Authentication TACACS+ Authentication Features Authorization Configuring TACACS+ Authentication End User Access Control Considerations for Configuring End User Accounts Configuring End-User Access Control Logging in to an End-User Account Protected Mode Secure Shell and Secure Copy Configuring SSH/SCP Features Enabling or Disabling SCP Apply and Save Configuring the SCP Administrator Password Using SSH and SCP Client Commands To Log In to the Switch: To Download the Switch Configuration Using SCP: To Upload the Configuration to the Switch: Apply and Save the Configuration SSH and SCP Encryption of Management Messages Generating RSA Host and Server Keys for SSH Access SSH/SCP Integration with Radius Authentication SSH/SCP Integration with TACACS+ Authentication SecurID Support Using SecurID with SSH Using SecurID with SCP Page Part 2: BBI Reference Page Page Page Port Status Area Menu Area Configuration Window Page CHAPTER 8 Virtual Switch Groups Port Groups Virtual Machine Groups Link Aggregation Virtual Switch Groups Membership Assigning Ports to VSGs Assigning Virtual Machines to VSGs VM Pre-provisioning Switch Management Ports Virtual Switch Groups Settings Delete Virtual Switch Group Settings Switch Failover Link Aggregation Control Protocol IGMP Snooping BPDU Policy Reset to Default Virtual Switch Groups ACL QoS CHAPTER 9 Switch Policies Internal Port Settings External Port Settings Use this window to configure external port settings. Table 9-2 External Port Settings Fields Management Port Settings Port Mirroring Access Control Lists ACL Configuration Table Searching for an Existing ACL Adding a New ACL Add or Edit ACLs Access Control List Use these fields to configure basic ACL parameters Table 9-4 ACL Configuration Fields Table 9-4 ACL Configuration Fields (continued) ACL Metering Settings ACL Remark Control Access Control List Sets Quality of Service IEEE 8021p for MAC-Level QoS Priority CoS Configuration Table CoS Weight Configuration Table Port Priority Configuration DiffServ Code Point QoS Page ServerMobility General Configuration ServerMobility Port Configuration CHAPTER 10 System Settings Management Settings SNMP System Log General Settings Local User Administration Built-In Users User Configuration Remote User Administration RADIUS TACACS+ Time Services Settings NTP Settings General Settings Table 10-8 Time Services General Settings Fields Table 10-9 Time Services NTP Fields ErrDisable System Settings Switch Protected Mode Management Network Settings Bootstrap Protocol Settings SSH/Telnet Settings Switch SSH Settings Switch Telnet Settings Virtual Machine Group Settings Syslog Settings Stacking Configuration Stack Switch Configuration Stack IP Interfaces Page CHAPTER 11 Boot Management General Boot Settings The following table describes the buttons on the Boot Management window. Boot Schedule on page 135 Tabl e 11-1 Boot Management buttons Boot Schedule Page CHAPTER 12 Switch Information Access Control List Information Access Control List Sets Information ARP Cache Information Bootstrap Protocol Relay Information Forwarding Database Information Virtual Switch Group Information The following table describes the VSG information fields. Table 12-4 Virtual Switch Group Information Fields IGMP Information IGMP Multicast Groups The following table describes the IGMP Multicast Router Ports information fields. The following table describes the IGMP Multicast Groups information fields. IGMP Snooping Multicast Router Ports IP Information IP Interfaces Default Gateways Link Status Information ServerMobility General Information ServerMobility Port Information The following table describes the ServerMobility Port information fields. ServerMobility General Configuration on page 115 ServerMobility Port Information on page 146 Table 12-11 Server Mobility Port information SNMPv3 Information The following table describes the SNMPv3 information fields. Table 12-12 SNMPv3 information Table 12-12 SNMPv3 information (continued) Syslog Messages This window lists the most recently logged system messages. Syslog Settings on page 129 Table 12-12 SNMPv3 information (continued) Port Transceiver Status Trunk Groups Information User Information Virtual Machine Group Information Page CHAPTER 13 Switch Statistics Access Control List Statistics FDB Statistics Layer 3 Statistics Address Resolution Protocol Statistics ICMP Statistics The following table describes the ICMP statistics fields. Table 13-4 ICMP Statistics icmpOutErrors TCP Statistics The following table describes the TCP statistics fields. UDP Statistics IGMP Group Snooping Statistics Summary IP Statistics The following table describes the Internet Protocol statistics fields. Table 13-8 IP Statistics ipForwDatagrams MP-Specific Information CPU Utilization The following table describes the CPU Utilization fields. The following table describes the MP Packet statistics fields. MP Packet Statistics Table 13-9 CPU Utilization Network Time Protocol Statistics Port Statistics Switch Ports Statistics Summary Index Symbols A B C M N P Q R