Configuring Firewalls And Access Control Lists; Acl Overview - Motorola RFS Series Reference Manual

Wireless lan switches wing system
Hide thumbs Also See for RFS Series:
Table of Contents

Advertisement

6.5 Configuring Firewalls and Access Control Lists

An Access Control List (ACL) is a sequential collection of permit and deny conditions that apply to switch
data packets. When a packet is received on an interface, the switch compares the fields in the packet against
any applied ACLs to verify the packet has the required permissions to be forwarded, based on the criteria
specified in the access lists.
NOTE: If a packet does not meet any of the criteria specified in the ACL, the packet is
dropped.
Use the
Firewall
screen to view, add and configure access control configurations. Typically, an ACL consists
of series of entries called an Access Control Entry (ACE). Each ACE defines the access rights for a user in
relationship to the switch. When access is attempted, the operating system uses the ACL to determine
whether the user has switch access permissions. The ACL screen displays four tabs supporting the following
ACL configuration activities:
Configuring the Firewall
Attaching an ACL Layer 2/Layer 3 Configuration
Attaching an ACL on a WLAN Interface/Port
Reviewing ACL Statistics
NOTE: For an overview of how the switch uses an ACL to filter permissions to the switch
managed network, go to

6.5.1 ACL Overview

An ACL contains an ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set of
conditions that a packet must satisfy in order to match the ACE. The order of conditions in the list is critical
because the switch stops testing conditions after the first match.
The switch supports the following ACLs to filter traffic:
• Router ACLs — Applied to VLAN (Layer 3) interfaces. These ACLs filter traffic based on Layer 3
parameters like source IP, destination IP, protocol types and port numbers. They are applied on packets
routed through the switch. Router ACLs can be applied to inbound traffic only, not both directions.
• Port ACLs— Applied to traffic entering a Layer 2 interface. Only switched packets are subjected to these
kind of ACLs. Traffic filtering is based on Layer 2 parameters like–source MAC, destination MAC,
Ethertype, VLAN-ID, 802.1p bits (OR) Layer 3 parameters like– source IP, destination IP, protocol, port
number.
NOTE: Port and router ACLs can be applied only in an inbound direction. WLAN ACLs
support applying ACLs in the inbound and outbound direction.
• Wireless LAN ACLs - A Wireless LAN ACL is designed to filter/mark packets based on the wireless LAN
from which they arrived rather than filtering the packets arrived on Layer 2 ports.
For more information, see
Router ACLs
Port ACLs
ACL Overview on page
6-19.
6-19
Switch Security

Advertisement

Table of Contents
loading

This manual is also suitable for:

Ws5100 3.3Rfs6000 3.3Rfs7000 1.3

Table of Contents