Access control lists (acls) – NETGEAR AV Line M4250 GSM4210PX 8-Port Gigabit PoE+ Compliant Managed AV Switch with SFP (220W) User Manual

Page 768


Port 4: PVID 20

4. With the VLAN configuration that you set up, the following situations produce results
as described:

If an untagged packet enters port 1, the switch tags it with VLAN ID 10. The packet
can access port 2 and port 3. On port 2, the outgoing packet is stripped of its tag and
leaves as an untagged packet. On port 3, the outgoing packet leaves as a tagged
packet with VLAN ID 10.

If a tagged packet with VLAN ID 10 enters port 3, the packet can access port 1
and port 2. If the packet leaves port 1 or port 2, it is stripped of its tag and leaves the
switch as an untagged packet.

If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet
can access port 5 and port 6. On port 6, the outgoing packet is stripped of its tag and
leaves as an untagged packet. On port 5, the outgoing packet leaves as a tagged
packet with VLAN ID 20.
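The forwarding behaviour above, as an added example that is not part of the manual and not NETGEAR code: a small model of 802.1Q port-based VLAN handling in Python. It encodes the PVID, tagged-member and untagged-member roles of ports 1 to 6 as the text describes them. The PVIDs of ports 2, 3, 5 and 6 are not stated on this page and are assumed here (they are never exercised), ingress filtering is assumed to be on, and the model floods every member port so that the set of reachable ports is visible.

```python
# Added example: a model of 802.1Q port-based VLAN forwarding illustrating the
# PVID / tagged / untagged behaviour described in the manual. Not NETGEAR code;
# it does not talk to a switch. PVIDs marked "assumed" are not given on the page.
from dataclasses import dataclass, field


@dataclass
class Port:
    pvid: int                                   # VLAN assigned to untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs transmitted with an 802.1Q tag
    untagged: set = field(default_factory=set)  # VLANs transmitted with the tag stripped

    def member_of(self, vid: int) -> bool:
        return vid in self.tagged or vid in self.untagged


# Constructed configuration mirroring the manual's example.
SWITCH = {
    1: Port(pvid=10, untagged={10}),
    2: Port(pvid=10, untagged={10}),   # PVID assumed
    3: Port(pvid=1, tagged={10}),      # PVID assumed (default VLAN 1)
    4: Port(pvid=20, untagged={20}),
    5: Port(pvid=1, tagged={20}),      # PVID assumed
    6: Port(pvid=20, untagged={20}),   # PVID assumed
}


def forward(switch, ingress, frame_vid=None):
    """Return {egress_port: vid_or_None} for a frame entering `ingress`.

    frame_vid None means the frame arrived untagged and is classified into the
    ingress port's PVID. A tagged frame is accepted only if the ingress port is
    a member of that VLAN (ingress filtering, assumed enabled); otherwise it is
    dropped and the result is empty. Each member egress port receives the frame
    tagged (value is the VID) if it is a tagged member, or with the tag stripped
    (value None) if it is an untagged member. The ingress port never receives
    its own frame.
    """
    port = switch[ingress]
    vid = port.pvid if frame_vid is None else frame_vid
    if frame_vid is not None and not port.member_of(vid):
        return {}
    out = {}
    for num, egress in switch.items():
        if num == ingress:
            continue
        if vid in egress.tagged:
            out[num] = vid
        elif vid in egress.untagged:
            out[num] = None
    return out


if __name__ == "__main__":
    print(forward(SWITCH, 1))        # {2: None, 3: 10}
    print(forward(SWITCH, 3, 10))    # {1: None, 2: None}
    print(forward(SWITCH, 4))        # {5: 20, 6: None}
    print(forward(SWITCH, 3, 20))    # {}  a VLAN 20 tag on a VLAN 10 trunk port is dropped
```

The last call shows the check a practitioner cares about: a frame carrying a tag for a VLAN the ingress port is not a member of is discarded rather than forwarded into that VLAN.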

Access control lists (ACLs)

ACLs restrict which traffic can reach specific resources and block unwanted attempts to
reach network resources. An ACL matches packets on header fields such as source and
destination address, protocol, and port; it controls traffic flows rather than identifying
users.

ACLs are used to provide traffic flow control, restrict contents of routing updates, decide
which types of traffic are forwarded or blocked, and provide security for the network.
ACLs are normally used in firewall routers that are positioned between the internal
network and an external network, such as the Internet. They can also be used on a router
positioned between two parts of the network to control the traffic entering or exiting a
specific part of the internal network. The added packet processing required by the ACL
feature does not affect switch performance. That is, ACL processing occurs at wire
speed.

Access lists are a sequential collection of permit and deny conditions. This collection
of conditions, known as the filtering criteria, is applied to each packet that is processed
by the switch or the router. The forwarding or dropping of a packet is based on whether
or not the packet matches the specified criteria.

Traffic filtering requires the following two basic steps:

1. Create an access list definition.

The access list definition includes rules that specify whether traffic matching the
criteria is forwarded normally or discarded. Additionally, you can assign traffic that
matches the criteria to a particular queue or redirect the traffic to a particular port.
Rules are evaluated in order, and the first rule that matches a packet decides what
happens to it. A default deny all rule is the last rule of every list, so a packet that
matches no explicit rule is discarded. For that reason, a list that contains only deny
rules blocks all other traffic on the interface to which it is applied; include explicit
permit rules for the traffic that must continue to flow.

2. Apply the access list to an interface in the inbound direction.
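The evaluation rules described in the two steps above, as an added example in Python that is not part of the manual and not NETGEAR firmware. The rule notation it parses (CIDR prefixes, "any", "eq <port>") is a constructed one for the example, not the switch's CLI grammar, and the addresses and rules are constructed sample data. It shows first-match ordering, the implicit deny-all that ends every list, and how a deny placed too early shadows the permits behind it.

```python
# Added example: a model of ordered ACL evaluation with an implicit trailing
# deny-all. Not NETGEAR firmware; the rule syntax below is constructed for the
# example and is not the switch CLI grammar.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any protocol; else "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None     # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _net(text: str) -> ipaddress.IPv4Network:
    return ipaddress.IPv4Network("0.0.0.0/0" if text == "any" else text, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse e.g. 'permit tcp 10.0.10.0/24 10.0.20.5/32 eq 443' (constructed syntax)."""
    parts = line.split()
    action, proto, src, dst = parts[:4]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in rule: {line!r}")
    dport = int(parts[5]) if len(parts) == 6 and parts[4] == "eq" else None
    return Rule(action, proto, _net(src), _net(dst), dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.IPv4Address(pkt.src) not in rule.src:
        return False
    if ipaddress.IPv4Address(pkt.dst) not in rule.dst:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(acl, pkt):
    """Walk the list in order; the first matching rule decides. A packet that
    matches no rule falls through to the implicit deny-all terminating every
    list, reported here with rule index None."""
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


# Constructed inbound list for VLAN 10 user ports: HTTPS and DNS to two servers
# in VLAN 20, nothing else into VLAN 20, all other destinations allowed.
ACL_IN = [parse_rule(r) for r in (
    "permit tcp 10.0.10.0/24 10.0.20.5/32 eq 443",
    "permit udp 10.0.10.0/24 10.0.20.53/32 eq 53",
    "deny ip 10.0.10.0/24 10.0.20.0/24",
    "permit ip any any",
)]

WEB = Packet("tcp", "10.0.10.7", "10.0.20.5", 443)
SSH = Packet("tcp", "10.0.10.7", "10.0.20.5", 22)
INTERNET = Packet("tcp", "10.0.10.7", "192.0.2.10", 80)


def demo():
    """Decisions a practitioner should expect from the list above."""
    return {
        "web": evaluate(ACL_IN, WEB),                        # ('permit', 0)
        "ssh": evaluate(ACL_IN, SSH),                        # ('deny', 2)
        "internet": evaluate(ACL_IN, INTERNET),              # ('permit', 3)
        # Without the final permit the same packet hits the implicit deny-all.
        "no_final_permit": evaluate(ACL_IN[:3], INTERNET),   # ('deny', None)
        # The deny moved ahead of the permits shadows them; HTTPS is now blocked.
        "shadowed": evaluate([ACL_IN[2]] + ACL_IN[:2] + ACL_IN[3:], WEB),  # ('deny', 0)
    }


if __name__ == "__main__":
    for name, (action, index) in demo().items():
        print(f"{name:16s} {action:6s} rule {index}")
```

The "no_final_permit" and "shadowed" cases are the two mistakes that most often lock traffic out after an ACL is applied inbound: forgetting that the list ends in deny-all, and ordering a broad deny before the specific permits it should follow.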

Configuration Examples