Access Control Lists; Configuring Access Control Lists - SMC Networks SMC6724L3 Management Manual

Tigerswitch 10/100 24-port layer 3 switch

Access Control Lists

Access Control Lists (ACL) provide packet filtering for IP frames (based
on address, protocol, TCP/UDP port number or TCP control code) or
any frames (based on MAC address or Ethernet type). To filter incoming
packets, first create an access list, add the required rules, and then bind the
list to a specific port.

Configuring Access Control Lists

An ACL is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. This switch tests
incoming packets against the conditions in an ACL one by one. If a list
contains all permit rules, a packet will be accepted as soon as it matches any
of the rules. If a list contains all deny rules, a packet will be rejected as soon
as it matches any one of the rules. In other words, if no rules match for a
permit list, the packet is dropped; and if no rules match for a deny list, the
packet is accepted.

Command Usage
The following restrictions apply to ACLs:
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 32.
• However, due to resource restrictions, the average number of rules
bound to the ports should not exceed 20.
• The switch does not support the explicit "deny any any" rule for the IP
ACL or MAC ACL. If these rules are included in an ACL, and you
attempt to bind the ACL to an interface, the bind operation will fail.
• An access list can only contain all permit rules or all deny rules. In other
words, for performance reasons, you cannot mix permit and deny rules
in the same list.
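
The matching behaviour and restrictions above, modelled as an added Python example (this is not SMC code or switch CLI syntax). The Rule class, the CIDR notation, the function names and the sample addresses are assumptions constructed for illustration, and only IP source/destination matching is modelled.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 32  # per-ACL rule limit stated in the manual


@dataclass(frozen=True)
class Rule:  # hypothetical representation of one ACL entry
    action: str               # "permit" or "deny"
    source: str               # CIDR network; "0.0.0.0/0" stands for "any"
    dest: str = "0.0.0.0/0"

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dest))


def restriction_violations(rules):
    """List which of the manual's stated restrictions a rule list breaks."""
    problems = []
    if len(rules) > MAX_RULES:
        problems.append("more than 32 rules")
    if len({r.action for r in rules}) > 1:
        problems.append("mixes permit and deny rules")
    if any(r.action == "deny"
           and ipaddress.ip_network(r.source).prefixlen == 0
           and ipaddress.ip_network(r.dest).prefixlen == 0 for r in rules):
        problems.append('explicit "deny any any" rule')
    return problems


def evaluate(rules, src, dst):
    """Return "permit" or "deny" for one packet, first match wins."""
    if not rules:
        raise ValueError("empty list: no default action in this model")
    problems = restriction_violations(rules)
    if problems:
        raise ValueError("; ".join(problems))
    list_action = rules[0].action
    for rule in rules:
        if rule.matches(src, dst):
            return list_action
    # No rule matched: a permit list drops, a deny list accepts.
    return "deny" if list_action == "permit" else "permit"


# Constructed sample lists (addresses are illustrative only)
PERMIT_LIST = [Rule("permit", "10.1.1.0/24"), Rule("permit", "10.1.2.5/32")]
DENY_LIST = [Rule("deny", "10.1.1.0/24")]
```

Because an unmatched packet is accepted by a deny list, a deny-only ACL behaves as a blocklist that lets through everything it does not name; a permit list is the default-deny form.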