Access Control List Concepts; MAC ACLs - NETGEAR M4200 Software Administration Manual

M4200 and M4300 Series ProSAFE Managed Switches

Access Control List Concepts

Access control lists (ACLs) can control the traffic entering a network. Normally ACLs reside in
a firewall router or in a router connecting two internal networks. When you configure ACLs,
you can selectively admit or reject inbound traffic, thereby controlling access to your network
or to specific resources on your network.
You can set up ACLs to control traffic at Layer 2 or Layer 3. MAC ACLs are used for
Layer 2. IP ACLs are used for Layer 3. Each ACL contains a set of rules that apply to
inbound traffic. Each rule specifies whether the contents of a given field should be used to
permit or deny access to the network, and may apply to one or more of the fields within a
packet.
The following limitations apply to ACLs. These limitations are platform-dependent.
The maximum number of ACLs is 100.
The maximum number of rules per ACL is 8–10.
Stacking systems do not support redirection.
The system does not support MAC ACLs and IP ACLs on the same interface.
The system supports ACLs set up for inbound traffic only.

MAC ACLs

MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a
packet (limited by platform):
Source MAC address with mask.
Destination MAC address with mask.
VLAN ID (or range of IDs).
Class of Service (CoS) (802.1p).
EtherType:
- Secondary CoS (802.1p).
- Secondary VLAN (or range of IDs).
L2 ACLs can apply to one or more interfaces.
Multiple access lists can be applied to a single interface: the sequence number
determines the order of execution.
You can assign packets to queues using the assign queue option.
You can redirect packets using the redirect option.
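
Added example (not from the NETGEAR manual): a Python model of how inbound MAC ACL rules with masks are evaluated, and how the sequence number orders several ACLs applied to one interface. It assumes wildcard-style masks (a 1 bit is ignored), first match wins, and an implicit deny after the last applied ACL, none of which this page states; the ACL names and the frame are constructed.

```python
# Added illustration, not NETGEAR code: models inbound MAC ACL evaluation on one port.
# Assumptions: wildcard masks (a 1 bit is ignored), first match wins, and an
# implicit deny applies once at least one ACL is bound to the interface.
from dataclasses import dataclass
from typing import Optional

ANY_MAC, IGNORE_ALL = "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"

def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)

def masked_equal(addr: str, want: str, mask: str) -> bool:
    care = ~mac_to_int(mask) & 0xFFFFFFFFFFFF      # bits that must be compared
    return (mac_to_int(addr) & care) == (mac_to_int(want) & care)

@dataclass
class Rule:
    action: str                                    # "permit" or "deny"
    src: str = ANY_MAC
    src_mask: str = IGNORE_ALL                     # default: any source
    dst: str = ANY_MAC
    dst_mask: str = IGNORE_ALL                     # default: any destination
    vlans: Optional[range] = None                  # None: any VLAN ID
    cos: Optional[int] = None                      # None: any 802.1p value

    def matches(self, frame: dict) -> bool:
        return (masked_equal(frame["src"], self.src, self.src_mask)
                and masked_equal(frame["dst"], self.dst, self.dst_mask)
                and (self.vlans is None or frame["vlan"] in self.vlans)
                and (self.cos is None or frame["cos"] == self.cos))

def evaluate(bindings, frame):
    """bindings: [(sequence_number, acl_name, [Rule, ...])] for one interface."""
    if not bindings:
        return ("permit", "no ACL bound", 0)
    for _, name, rules in sorted(bindings, key=lambda b: b[0]):  # lowest sequence first
        for index, rule in enumerate(rules, start=1):
            if rule.matches(frame):
                return (rule.action, name, index)
    return ("deny", "implicit deny", 0)

# Constructed sample data: block one vendor prefix on VLANs 20-29, permit the rest.
BLOCK_LAB = [Rule("deny", src="00:11:22:00:00:00", src_mask="00:00:00:ff:ff:ff", vlans=range(20, 30))]
ALLOW_REST = [Rule("permit")]
INTENDED = [(10, "block-lab", BLOCK_LAB), (20, "allow-rest", ALLOW_REST)]
SHADOWED = [(30, "block-lab", BLOCK_LAB), (20, "allow-rest", ALLOW_REST)]  # deny never reached
LAB_FRAME = {"src": "00:11:22:aa:bb:cc", "dst": "00:de:ad:be:ef:01", "vlan": 25, "cos": 0}

if __name__ == "__main__":
    print(evaluate(INTENDED, LAB_FRAME))
    print(evaluate(SHADOWED, LAB_FRAME))
```

The SHADOWED binding shows the ordering mistake to audit for: a permit-all ACL with a lower sequence number makes a later deny ACL unreachable.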