Access Control List configuration example

This section provides sample CLI commands showing how to configure the Intel® Blade Server Ethernet Switch Module IXM5414E to support Access Control Lists (ACLs). ACLs offer one way of adding Quality of Service support to your network.

You define an ACL to control which traffic may enter the network or reach network resources by permitting or denying it. The ACL lists one or more match criteria that determine whether a given packet is admitted. Rules are evaluated in order, and the first rule whose criteria a packet meets decides whether that packet is admitted. A packet that matches none of the rules is dropped (implicit deny), so every type of traffic you want to allow must be covered by an explicit permit rule.

An ACL consists of up to ten rules, each of which can match on one or more of the following fields:

Source IP address

Destination IP address

Source Layer-4 port

Destination Layer-4 port

Type of Service byte

Internet Protocol number

The script in the following example permits only TCP and UDP traffic whose destination IP address falls within a defined subnet; all other packets arriving on the bound port are dropped. Note that the match commands below use dstip (destination address); to restrict traffic by sender instead, match on the source IP address field listed above.

Create Access Control List 1.

config acl create 1

Create Rule 1 for ACL 1.

config acl rule create 1 1

Define the content of ACL 1 Rule 1. Packets are accepted only if they are TCP packets whose destination IP address falls within the set defined by the specified address and mask (192.168.50.0/24). This rule constrains the destination, not the source: any sender may reach that subnet over TCP.

config acl rule action 1 1 permit

config acl rule match protocol keyword 1 1 tcp

config acl rule match dstip 1 1 192.168.50.0 255.255.255.0

Create Rule 2 for ACL 1.

config acl rule create 1 2

Define the content of ACL 1 Rule 2. Packets are accepted only if they are UDP packets whose destination IP address falls within the same subnet used for TCP traffic in Rule 1.

config acl rule action 1 2 permit

config acl rule match protocol keyword 1 2 udp

config acl rule match dstip 1 2 192.168.50.0 255.255.255.0

Apply ACL 1 to inbound traffic received on external port 1 (ext.1). Packets arriving on that port that match neither Rule 1 nor Rule 2 are dropped. To filter all four external ports, repeat the command for ext.2, ext.3 and ext.4; an external port with no ACL bound is not filtered.

config acl interface add ext.1 inbound 1
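The following Python model is an added example, not part of the Intel manual and not the switch's own software. It replays the page's config acl commands into a small simulator that implements the semantics described above (ordered rules, first match wins, implicit drop when nothing matches, at most ten rules per ACL) and then evaluates constructed packets against the bound port. The Packet structure, the assumption that rules are evaluated in rule-number order, the srcip keyword spelling and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

MAX_RULES = 10                                   # the page: an ACL holds up to ten rules
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}  # keyword -> IP protocol number


@dataclass
class Rule:
    action: str = "deny"                          # until "config acl rule action ... permit"
    proto: Optional[int] = None
    srcip: Optional[ipaddress.IPv4Network] = None  # keyword spelling assumed
    dstip: Optional[ipaddress.IPv4Network] = None


@dataclass
class Packet:                                     # constructed packet summary (assumption)
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0


class AclModel:
    """Replays 'config acl ...' lines and evaluates packets the way the page describes."""

    def __init__(self) -> None:
        self.acls: Dict[int, Dict[int, Rule]] = {}
        self.bindings: Dict[str, int] = {}       # "ext.1 inbound" -> ACL number

    @staticmethod
    def _net(ip: str, mask: str) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)

    def run(self, line: str) -> None:
        t = line.split()
        if t[:3] == ["config", "acl", "create"]:
            self.acls[int(t[3])] = {}
        elif t[:4] == ["config", "acl", "rule", "create"]:
            rules = self.acls[int(t[4])]
            if len(rules) >= MAX_RULES:
                raise ValueError("an ACL holds at most ten rules")
            rules[int(t[5])] = Rule()
        elif t[:4] == ["config", "acl", "rule", "action"]:
            self.acls[int(t[4])][int(t[5])].action = t[6]
        elif t[:6] == ["config", "acl", "rule", "match", "protocol", "keyword"]:
            self.acls[int(t[6])][int(t[7])].proto = PROTO_NUMBERS[t[8]]
        elif t[:4] == ["config", "acl", "rule", "match"] and t[4] in ("srcip", "dstip"):
            setattr(self.acls[int(t[5])][int(t[6])], t[4], self._net(t[7], t[8]))
        elif t[:4] == ["config", "acl", "interface", "add"]:
            self.bindings[f"{t[4]} {t[5]}"] = int(t[6])
        else:
            raise ValueError(f"unsupported command: {line}")

    @staticmethod
    def _matches(rule: Rule, pkt: Packet) -> bool:
        # A rule matches only when every criterion it specifies is met.
        return (
            (rule.proto is None or rule.proto == pkt.proto)
            and (rule.srcip is None or ipaddress.ip_address(pkt.src) in rule.srcip)
            and (rule.dstip is None or ipaddress.ip_address(pkt.dst) in rule.dstip)
        )

    def decide(self, port: str, direction: str, pkt: Packet) -> str:
        acl = self.bindings.get(f"{port} {direction}")
        if acl is None:
            return "permit"                       # no ACL bound: port is not filtered
        for num in sorted(self.acls[acl]):        # first match wins (order assumed = rule number)
            if self._matches(self.acls[acl][num], pkt):
                return self.acls[acl][num].action
        return "deny"                             # implicit drop: nothing matched


# The page's own script, verbatim.
PAGE_SCRIPT = """
config acl create 1
config acl rule create 1 1
config acl rule action 1 1 permit
config acl rule match protocol keyword 1 1 tcp
config acl rule match dstip 1 1 192.168.50.0 255.255.255.0
config acl rule create 1 2
config acl rule action 1 2 permit
config acl rule match protocol keyword 1 2 udp
config acl rule match dstip 1 2 192.168.50.0 255.255.255.0
config acl interface add ext.1 inbound 1
"""


def build_page_acl() -> AclModel:
    model = AclModel()
    for line in PAGE_SCRIPT.strip().splitlines():
        model.run(line)
    return model


def rule_limit_enforced() -> bool:
    """Returns True if creating an eleventh rule is rejected, as the page's limit requires."""
    model = AclModel()
    model.run("config acl create 2")
    try:
        for n in range(1, MAX_RULES + 2):
            model.run(f"config acl rule create 2 {n}")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    m = build_page_acl()
    for port, pkt in [("ext.1", Packet("10.0.0.5", "192.168.50.10", 6, 40000, 22)),
                      ("ext.1", Packet("10.0.0.5", "192.168.50.10", 1)),
                      ("ext.1", Packet("10.0.0.5", "192.168.60.10", 17)),
                      ("ext.2", Packet("10.0.0.5", "192.168.60.10", 1))]:
        print(port, pkt, "->", m.decide(port, "inbound", pkt))
```

Two things the model makes visible that the prose does not: because the rules match on dstip, a TCP packet from any source (10.0.0.5 in the constructed sample) reaches 192.168.50.0/24, and traffic on an external port without a binding (ext.2 here) is not filtered at all, which is why the binding command must be repeated for each port you intend to protect.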
