Chapter 15 acl configuration, 1 introduction to acl, 2 access-list – Amer Networks SS2R48G4i V2 User Manual


SS2R24G4i/SS2R48G4i

128

Chapter 15 ACL Configuration

15.1 Introduction to ACL

ACL (Access Control List) is an IP packet filtering mechanism employed in switches. It provides network traffic control by granting or denying access through the switch, effectively safeguarding the security of the network. The user can lay down a set of rules based on information specific to packets; each rule describes the action, “permit” or “deny”, taken on a packet whose information matches the rule. The user can apply such rules to the incoming or outgoing direction of switch ports, so that data streams in the specified direction of the specified ports must comply with the ACL rules assigned.

15.2 Access-list

Access-list is a sequential collection of conditions that corresponds to a specific rule. Each rule consists of filter information and the action to take when the rule is matched. The information in a rule is an effective combination of conditions such as source IP, destination IP, IP protocol number and TCP port. Access-lists can be categorized by the following criteria:

- Filter information based criterion: IP access-list (layer 3 or higher information), MAC access-list (layer 2 information), and MAC-IP access-list (layer 2 or layer 3 or higher).
- Configuration complexity based criterion: standard and extended; the extended mode allows more specific filtering of information.
- Nomenclature based criterion: numbered and named.

Description of an ACL should cover the above three aspects.

15.2.1 Access-group

Once a set of access-lists is created, they can be applied to traffic in either direction on any port. An access-group describes the binding of an access-list to a specified direction on a specific port. When an access-group is created, all packets passing through the port in the specified direction are compared against the access-list rules to decide whether to permit or deny them.



15.2.2 Access-list Action and Global Default Action

There are two access-list actions and two global default actions: “permit” and “deny”.

The following rules apply:

- An access-list can consist of several rules. Filtering of packets compares packet conditions to the
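The following is an added example, not code from the manual or from Amer Networks, that models the concepts of sections 15.2 through 15.2.2 in Python: an access-list is an ordered list of rules matching on source IP, destination IP, protocol and TCP port; an access-group binds the list to one port and direction; a packet that matches no rule falls through to the global default action. The rule fields, the first-match evaluation order, the port names, the sample addresses and the assumption that a port with no access-group bound passes traffic unfiltered are all constructed for illustration; the switch's own CLI syntax is not modelled.

```python
# Added example (not from the Amer Networks manual): a minimal model of how a
# switch applies an access-list bound to a port direction via an access-group.
# Rule fields, first-match order, port names and sample addresses are assumptions.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str                      # source IP
    dst: str                      # destination IP
    proto: str                    # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None   # destination port, if the protocol has one


@dataclass(frozen=True)
class Rule:
    """One access-list entry: filter conditions plus the action on a match.
    A condition left as None is a wildcard (matches anything)."""
    action: str                   # "permit" or "deny"
    src: Optional[str] = None     # CIDR prefix, e.g. "10.1.0.0/16"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


@dataclass
class AccessList:
    name: str
    rules: list = field(default_factory=list)

    def evaluate(self, pkt: Packet, default_action: str) -> str:
        # Rules are checked in order; the first match decides the action.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return default_action      # no rule matched: global default applies


@dataclass
class Switch:
    default_action: str = "deny"
    # access-groups: (port, direction) -> bound access-list
    access_groups: dict = field(default_factory=dict)

    def bind(self, acl: AccessList, port: str, direction: str) -> None:
        if direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        self.access_groups[(port, direction)] = acl

    def filter(self, pkt: Packet, port: str, direction: str) -> str:
        acl = self.access_groups.get((port, direction))
        if acl is None:
            return "permit"        # assumption: no access-group bound means no filtering
        return acl.evaluate(pkt, self.default_action)


def demo() -> dict:
    # Constructed sample: allow the office subnet HTTPS to one server, block the
    # rest of its traffic to the server block, allow other 10/8 traffic, deny all else.
    office = AccessList("office-in", [
        Rule("permit", src="10.1.0.0/16", dst="192.0.2.10/32", proto="tcp", dport=443),
        Rule("deny",   src="10.1.0.0/16", dst="192.0.2.0/24"),
        Rule("permit", src="10.0.0.0/8"),
    ])
    sw = Switch(default_action="deny")
    sw.bind(office, port="Ethernet1/1", direction="in")

    samples = {
        "https_to_server":     Packet("10.1.2.3", "192.0.2.10", "tcp", 443),
        "ssh_to_server":       Packet("10.1.2.3", "192.0.2.10", "tcp", 22),
        "office_to_elsewhere": Packet("10.1.2.3", "198.51.100.7", "tcp", 80),
        "other_subnet_guest":  Packet("172.16.5.5", "192.0.2.10", "tcp", 443),
    }
    results = {name: sw.filter(p, "Ethernet1/1", "in") for name, p in samples.items()}
    # Same packet on a port with no access-group bound: passes unfiltered.
    results["unbound_port"] = sw.filter(samples["ssh_to_server"], "Ethernet1/2", "in")
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} -> {verdict}")
```

Because evaluation is sequential and the first matching rule wins, rule order is part of the policy: swapping the first two rules in `demo()` would make the broad "deny" entry shadow the HTTPS "permit", and the packet that should be permitted would be dropped. The global default only applies when the list is exhausted with no match, which is why an explicit final "permit" or "deny" is often added to make the fall-through behaviour visible in the list itself.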
