3 access lists, 1 creating an access list, 2 configuring an access list – Asante Technologies 480 User Manual

Page 50


6.3 Access Lists

An access list is a criteria statement that the switch uses to determine whether to allow or block traffic based on MAC
addresses, IP addresses, or UDP/TCP ports. Access lists can be configured to provide basic security on your
network, and to prevent unnecessary traffic between network segments. Access lists are applied to inbound traffic
only.

When configuring an access list, a ‘priority’ argument must be specified. The priority of an ACL is important because
the switch tests the addresses of each packet against the criteria in the access lists one by one (in order of priority)
until it finds a match. Another argument is the ‘mask’ that follows a MAC address or IP address. It identifies which
bits in the address field are to be matched: a “1” indicates that the position must match; a “0” indicates that the
position is ignored.

Access lists with a lower priority value are checked for a match before those with higher priority values. The last
match determines whether the software accepts or rejects the address. If there are multiple matches, a match in IP
mode takes precedence over one in MAC mode. Because the switch goes through the whole set of access lists to find
matches, the priority of the ACL is critical.

Important! By default, if no conditions match, the switch allows the address.

The switch supports up to 256 access lists; MAC-address-based access lists cannot exceed 64.
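
The matching rules above, modelled in Python as an added example (not code from the manual or from Asante): entries are checked in ascending priority value, the last match decides, an IP-mode match outranks a MAC-mode match, and no match means allow. The Entry fields, helper names and addresses are assumptions made for illustration, and the evaluation order follows the "last match" description.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Entry:              # hypothetical model of one ACL entry, not switch syntax
    priority: int         # lower value is checked first
    mode: str             # "ip" or "mac"
    address: int
    mask: int             # 1 bit = position must match, 0 bit = position ignored
    permit: bool          # True = allow, False = block

def ip(text):
    return int(ipaddress.IPv4Address(text))

def mac(text):
    return int(text.replace(":", ""), 16)

def matches(entry, value):
    # Compare only the bit positions where the mask holds a 1.
    return (value & entry.mask) == (entry.address & entry.mask)

def decide(entries, src_ip, src_mac):
    """Return True (allow) or False (block) for one inbound packet."""
    last = {"ip": None, "mac": None}
    for e in sorted(entries, key=lambda e: e.priority):
        value = src_ip if e.mode == "ip" else src_mac
        if matches(e, value):
            last[e.mode] = e.permit      # a later match replaces an earlier one
    if last["ip"] is not None:           # IP-mode match outranks MAC-mode match
        return last["ip"]
    if last["mac"] is not None:
        return last["mac"]
    return True                          # default: nothing matched, so allow

# Constructed sample policy (addresses are made up for illustration).
ACL = [
    Entry(1, "ip", ip("10.1.2.0"), ip("255.255.255.0"), False),    # block 10.1.2.x
    Entry(2, "ip", ip("10.1.2.7"), ip("255.255.255.255"), True),   # allow one host
    Entry(3, "mac", mac("02:11:22:00:00:00"), mac("ff:ff:ff:00:00:00"), False),
]
# An all-zero mask ignores every bit, so this entry matches any source IP.
# Checked first, it turns the default-allow into default-block for unmatched IPs.
CATCH_ALL_BLOCK = Entry(0, "ip", 0, 0, False)

if __name__ == "__main__":
    for src in ("10.1.2.9", "10.1.2.7", "192.168.0.5"):
        print(src, decide(ACL, ip(src), mac("02:11:22:aa:bb:cc")))
```

In this model the host 10.1.2.7 is allowed even when its MAC address falls in the blocked range, because the IP-mode match takes precedence.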

An access list can be configured in configuration mode using the following command and its arguments:

access-list name acl1 ?

    add        Create a new access-list
    action     Specify the action of the ACL entry
    clear      Clear ACL entry contents
    delete     Remove the ACL entry
    enable     Enable the ACL entry
    disable    Disable the ACL entry
    set        Set ACL entry contents

6.3.1 Creating an Access List

To create an access list, use the command below:

Command                                 Purpose

access-list name acl1 add priority 1    Create an access list named ‘acl_name’ with priority 1

6.3.2 Configuring an Access List

To configure an access list, use the command below:


Asante IntraCore IC39240/480

User’s Manual
