Access Control Lists; How Access Control List Rules Work - 3Com SuperStack 3 3812 Implementation Manual

Access Control Lists

How Access Control
List Rules Work
Access Control Lists are a set of instructions that can be applied to filter
traffic on VLANs. They can be used to limit access to certain segments of
the network and therefore, are useful for network security.
Access Control Lists can be used to:
Prevent unnecessary network traffic.
■
Restrict access to proprietary information within the network.
■
Access Control Lists are based on a series of rules. Rules are applied to
VLANs and determine the path or access limitations for packets received
on a VLAN. When a packet is received on a VLAN, it is compared to an
access list for this VLAN. If a match is found; meaning the packet falls
under the rule, it will be blocked or forwarded to the appropriate VLAN
depending on the action.
Rules are established based on IP addressing. A packet matches an access
list rule when it's destination IP address falls with the values of the rule.
When a match is found, the path the packet takes is determined by the
rule and is either forwarded (permitted) or dropped (denied).
There are a maximum of 100 access lists that can be applied under the
current operating system. Access list rules can be applied and traffic is
forwarded at wire speed using layer 3 destination IP addresses and
VLANs.
When a packet is received it is compared against the VLAN access list. The
access list rules are applied to a range of IP addresses and are defined by
the destination IP address and a mask. If a match is found in the access
list the appropriate action is taken. By default, if no access list has been
defined for a VLAN, all IP traffic will be permitted. Denial is based on a
pre-defined rule.
For example:
Packet destination IP address: 10.101.67.45
Rule destination address: 10.101.67.0
Rule destination mask: 255.255.255.0
Rule action: deny
Access Control Lists 77