Configuring IPv4 and IPv6 Access Control Lists
Cisco MDS 9000 Series Switches can route IP version 4 (IPv4) traffic between Ethernet and Fibre Channel
interfaces. The IP static routing feature routes traffic between VSANs. To do so, each VSAN must be in a
different IPv4 subnetwork. Each Cisco MDS 9000 Series Switch provides the following services for network
management systems (NMS):
• IP forwarding on the out-of-band Ethernet interface (mgmt0) on the front panel of the supervisor modules.
• IP forwarding on the in-band Fibre Channel interface using the IP over Fibre Channel (IPFC)
function-IPFC specifies how IP frames can be transported over Fibre Channel using encapsulation
techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the
Fibre Channel network without using an overlay Ethernet network.
• IP routing (default routing and static routing)-If your configuration does not need an external router,
you can configure a default route using static routing.
Switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features.
VRRP is a restartable application that provides a redundant, alternate path to the gateway switch.
IPv4 Access Control Lists (IPv4-ACLs and IPv6-ACLs) provide basic network security to all Cisco MDS
9000 Series Switches. IPv4-ACLs and IPv6-ACLs restrict IP-related traffic based on the configured IP filters.
A filter contains the rules to match an IP packet, and if the packet matches, the rule also stipulates if the packet
should be permitted or denied.
Each Cisco MDS 9000 Series Switch can have a maximum total of 128 IPv4-ACLs or 128 IPv6-ACLs and
each IPv4-ACL or IPv6-ACL can have a maximum of 256 filters.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
C H A P T E R
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
6
99