3 Configuring the Switch

Access Control Lists

Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.

Configuring Access Control Lists

An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match for a list of all permit rules, the packet is dropped; and if no rules match for a list of all deny rules, the packet is accepted.

You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. This is done by specifying masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.

Command Usage

The following restrictions apply to ACLs:

Each ACL can have up to 32 rules.

The maximum number of ACLs is also 32.

However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.

You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.

When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail.

The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.

The order in which active ACLs are checked is as follows:

1.User-defined rules in the Egress MAC ACL for egress ports.

2.User-defined rules in the Egress IP ACL for egress ports.

3.User-defined rules in the Ingress MAC ACL for ingress ports.

4.User-defined rules in the Ingress IP ACL for ingress ports.

5.Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.

6.Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.

7.If no explicit rule is matched, the implicit default is permit all.

3-76

Page 128
Image 128
Microsoft ES4625, ES4649 manual Configuring Access Control Lists

ES4649, ES4625 specifications

The Microsoft ES4625 and ES4649 are advanced enterprise-grade servers designed to meet the demands of modern data centers. They blend cutting-edge technology with robust performance, making them an ideal choice for businesses that require reliable processing capabilities, enhanced storage solutions, and improved energy efficiency.

One of the standout features of the ES4625 is its powerful processing capability. Equipped with the latest Intel Xeon Scalable processors, the server can handle a significant workload, making it suitable for various applications, including virtualization, cloud computing, and big data analytics. The multi-core architecture allows for efficient parallel processing, thereby improving response times and overall system performance.

On the other hand, the ES4649 offers an even more powerful setup, with the option to support high core counts and a larger memory footprint. This feature is particularly beneficial for enterprises that run demanding applications requiring substantial processing power and memory capacity. Both models support DDR4 memory, ensuring faster data access and overall system efficiency.

Storage adaptability is another key characteristic of these servers. The ES4625 and ES4649 come with multiple drive bays supporting various storage options, including SSDs and traditional HDDs. This flexibility allows organizations to configure their storage according to their specific performance and capacity needs. With support for advanced storage technologies like NVMe, enterprises can achieve unparalleled data transfer speeds, which is crucial for data-intensive applications.

In terms of manageability, both models are equipped with Microsoft’s innovative management tools. The integration of these tools facilitates easy monitoring, troubleshooting, and maintenance of server health and performance, significantly reducing downtime. Moreover, the servers are designed with enhanced security features to protect against unauthorized access and data breaches, ensuring that sensitive information remains secure.

Energy efficiency is another critical characteristic of the ES4625 and ES4649. These servers are designed with power-saving technologies that reduce energy consumption without compromising performance. This aspect is particularly advantageous for businesses looking to lower their operational costs and carbon footprint.

Overall, the Microsoft ES4625 and ES4649 offer a compelling combination of performance, flexibility, and security. They are engineered to support the increasingly complex demands of modern enterprise environments, making them a valuable investment for organizations seeking reliable, high-performing server solutions. Whether for virtualized workloads, cloud services, or heavy data computations, these servers are designed to deliver exceptional results.