Chapter 39 ACL Configuration, 1 Introduction to ACL, 1 Access-list – QTECH QSW-3400 Configuration Guide User Manual



+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St., 18, bldg. 1


Chapter 39 ACL Configuration

39.1 Introduction to ACL

ACL (Access Control List) is an IP packet filtering mechanism employed in switches. It provides network traffic control by granting or denying access through the switch, which helps safeguard the security of the network. The user lays down a set of rules based on information carried in the packets; each rule describes the action, "permit" or "deny", taken on a packet whose information matches. The user can apply such rules to the incoming direction of switch ports, so that data streams entering the specified ports must comply with the assigned ACL rules.

39.1.1 Access-list

An access-list is a sequential collection of conditions, each corresponding to a specific rule. Each rule consists of filter information and the action taken when the rule is matched. The filter information in a rule is an effective combination of conditions such as source IP, destination IP, IP protocol number, TCP port and UDP port. Access-lists can be categorized by the following criteria:

Filter information based criterion: IP access-list (layer 3 or higher information), MAC access-list (layer 2 information), and MAC-IP access-list (layer 2 together with layer 3 or higher information).

Configuration complexity based criterion: standard and extended; the extended mode allows more specific filtering of information.

Nomenclature based criterion: numbered and named.

A description of an ACL should cover all three of the above aspects.

39.1.2 Access-group

Once a set of access-lists has been created, they can be applied to traffic in the incoming direction on any port. An access-group describes the binding of an access-list to the incoming direction of a specific port. When an access-group is created, every packet arriving through that port is compared against the rules of the bound access-list to decide whether to permit or deny it.

The current firmware only supports ingress ACL configuration.
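The following is an added example written for this page, not code from the QTECH manual or the QSW-3400 firmware. It models in Python the behaviour described above: an access-list is an ordered list of rules, each a combination of source/destination prefix, protocol and destination port with a "permit" or "deny" action; the first rule whose conditions all match decides the packet; a global default action applies when no rule matches; and an access-group binds one access-list to the ingress direction of one port. The port names, the sample access-list and the sample packets are constructed for illustration, and the assumption that a port with no access-group forwards without filtering is the example's own, not a statement from the manual.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    """One access-list rule: filter conditions plus the action taken on a match."""
    action: str                    # "permit" or "deny"
    src: Optional[str] = None      # source prefix, e.g. "10.0.0.0/8"; None = any
    dst: Optional[str] = None      # destination prefix; None = any
    proto: Optional[str] = None    # "tcp", "udp", "icmp"; None = any
    dport: Optional[int] = None    # TCP/UDP destination port; None = any

    def matches(self, pkt: dict) -> bool:
        # Every condition present in the rule must hold; absent ones are wildcards.
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


@dataclass
class AccessList:
    """A sequential collection of rules; the first matching rule decides the packet."""
    name: str
    rules: list = field(default_factory=list)

    def evaluate(self, pkt: dict, default_action: str) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return default_action        # no rule matched: the global default action applies


class Switch:
    """Holds access-lists and the access-groups that bind them to port ingress."""

    def __init__(self, default_action: str = "deny"):
        if default_action not in ("permit", "deny"):
            raise ValueError("default action must be permit or deny")
        self.default_action = default_action
        self.acls: dict = {}
        self.access_groups: dict = {}    # port -> access-list name (ingress only)

    def add_access_list(self, acl: AccessList) -> None:
        self.acls[acl.name] = acl

    def access_group(self, port: str, acl_name: str) -> None:
        if acl_name not in self.acls:
            raise KeyError(f"access-list {acl_name} does not exist")
        self.access_groups[port] = acl_name

    def ingress(self, port: str, pkt: dict) -> str:
        acl_name = self.access_groups.get(port)
        if acl_name is None:
            # Assumption of this example: a port with no access-group does not filter.
            return "permit"
        return self.acls[acl_name].evaluate(pkt, self.default_action)


def build_switch() -> Switch:
    # Constructed sample configuration (port name and addresses are illustrative).
    sw = Switch(default_action="deny")
    mgmt = AccessList("mgmt-in", [
        Rule("permit", src="10.0.0.0/8", dst="192.0.2.10/32", proto="tcp", dport=22),
        Rule("permit", proto="icmp"),
    ])
    sw.add_access_list(mgmt)
    sw.access_group("Ethernet1/1", "mgmt-in")
    return sw


def evaluate_samples() -> dict:
    """Run constructed sample packets through the ingress ACL and return the verdicts."""
    sw = build_switch()
    lan_ssh = {"src": "10.1.2.3", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}
    wan_ssh = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}
    wan_ping = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "icmp"}
    return {
        "ssh_from_lan": sw.ingress("Ethernet1/1", lan_ssh),
        "ssh_from_internet": sw.ingress("Ethernet1/1", wan_ssh),
        "icmp_from_internet": sw.ingress("Ethernet1/1", wan_ping),
        "ssh_on_unbound_port": sw.ingress("Ethernet1/2", wan_ssh),
    }


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name}: {verdict}")
```

Two points the model makes visible: rule order matters, because evaluation stops at the first match, so a broad "permit" placed before a narrow "deny" silently disables the deny; and the global default action only takes effect for packets that no rule matches, so an access-list without a catch-all rule relies on that default for everything it does not name.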

39.1.3 Access-list Action and Global Default Action

There are two access-list actions and default actions: "permit" or "deny". The following rules apply:
