Using Access Control Lists For Security; Creating Access Control Lists - 3Com 3CRWX120695A Reference Manual

Using Access
Control Lists for
Security
Creating Access
Control Lists
10 Click Close. The Create Mobility Profiles dialog box is active.
11 Click Finish to save the changes and close the wizard.
An access control list (ACL) filters packets to restrict or permit network
usage by certain users, network devices, or traffic types. You can also
assign a class of service (CoS) level, which allows priority handling, to
packets. For example, you can use ACLs to enable users to send and
receive packets within an intranet, but restrict incoming packets to the
server that stores confidential salary information.
An ACL is an ordered list of access control entries (ACEs) — rules that
specify how to handle packets. The rule consists of a filter and an action.
When a packet matches the filter, the action is applied to the packet.
If there are no ACE matches in the ACL, an ACL contains an implicit rule
that denies all access. If there is not at least one ACE that permits access
in an ACL, no traffic will be allowed. The implicit "deny all" rule is always
the last ACE of an ACL.
You can choose to count the number of times an ACE is matched. This hit
count is useful for troubleshooting complex ACL configurations and for
monitoring traffic load for specific network applications or protocols. The
hit count can only be seen from the CLI. To start updating hit counter
statistics in the CLI, you must first set the hits sampling rate to a nonzero
value, such as 15 seconds. For more information about security ACLs, see
the Wireless LAN Switch and Controller Configuration Guide.
You cannot perform ACL functions that include permitting, denying, or
marking with a Class of Service (CoS) level on packets with a multicast or
broadcast destination address.
To create an ACL, you perform the following tasks:
Set up ACL basic properties.
Define ACEs.

Using Access Control Lists for Security

347