Access Control List configuration example
This section provides sample CLI commands showing how to configure the Intel® Blade Server Ethernet Switch Module IXM5414E to support Access Control Lists (ACLs). ACLs offer one way of adding Quality of Service support to your network.
You define an ACL to control who can use your network or network resources by allowing or prohibiting access. The ACL specifies one or more match criteria that will be used to determine whether a given packet will be admitted to the network. The first match criteria met by a packet determines whether the packet is admitted. If the packet matches none of the criteria, it will be dropped.
An ACL consists of up to ten rules, each applied to one or more of the following fields:
•Source IP address
•Destination IP address
•Source
•Destination
•Type of Service byte
•Internet Protocol number
The script in the following example restricts access to the network to UDP and TCP traffic from a defined set of IP source addresses.
Create Access Control List 1.
config acl create 1
Create Rule 1 for ACL 1.
config acl rule create 1 1
Define the content of ACL 1 Rule 1. Packets will be accepted only if they are TCP packets from the source IP address set defined by the specified IP address and mask.
config acl rule action 1 1 permit
config acl rule match protocol keyword 1 1 tcp
config acl rule match dstip 1 1 192.168.50.0 255.255.255.0
Create Rule 2 for ACL 1.
config acl rule create 1 2
Define the content of ACL 1 Rule 2. Packets will be accepted only if they are UDP packets from the source IP address set defined by the specified IP address and mask. This is the same source IP address set defined for TCP traffic.
config acl rule action 1 2 permit
config acl rule match protocol keyword 1 2 udp
config acl rule match dstip 1 2 192.168.50.0 255.255.255.0
Apply ACL 1 to inbound traffic received on external ports
config acl interface add ext.1 inbound 1
Intel® Blade Server Ethernet Switch Module IXM5414E | 255 |