Defining IP Based Access Control Lists
Access Control Lists (ACLs) allow network managers to define classification actions and rules for specific ingress
ports. Packets entering an ingress port with an active ACL are either admitted or denied entry. When packets are
denied entry, the user can also have the ingress port disabled.
For example, an ACL rule can state that port number 20 can receive TCP packets, but if a UDP packet is received,
the packet is dropped. ACLs are composed of access control entries (ACEs), which are made of the filters that
determine traffic classifications. The total number of ACEs that can be defined in all ACLs together is 1024.
The following filters can be defined as ACEs:
• Source Port IP Address and Wildcard Mask — Filters the packets by the Source port IP address and wildcard mask.
• Destination Port IP Address and Wildcard Mask — Filters the packets by the Destination port IP address and wildcard mask.
• ACE Priority — Filters the packets by the ACE priority.
• Protocol — Filters the packets by the IP protocol.
• DSCP — Filters the packets by the DiffServ Code Point (DSCP) value.
• IP Precedence — Filters the packets by the IP Precedence.
• Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or the packet can be assigned rate-limiting restrictions for forwarding.
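The following added example (not taken from the manual or the device firmware) models how ACEs built from the filters above classify a packet, and shows how ACE priority can let a broad entry shadow a later, more specific one. It assumes the common wildcard convention (mask bits set to 1 are ignored), that lower priority values are evaluated first, and a caller-chosen default action when no ACE matches; the names `ACE`, `wildcard_match` and `evaluate` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Assumed semantics: wildcard bits set to 1 are ignored, 0 bits must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)

@dataclass
class ACE:
    priority: int                            # assumed: lower value is checked first
    action: str                              # "forward" or "drop"
    src: str = "0.0.0.0"
    src_wildcard: str = "255.255.255.255"    # all bits ignored = any source
    dst: str = "0.0.0.0"
    dst_wildcard: str = "255.255.255.255"    # all bits ignored = any destination
    protocol: Optional[str] = None           # None = any IP protocol
    dscp: Optional[int] = None               # None = any DSCP value

    def matches(self, pkt: dict) -> bool:
        return (wildcard_match(pkt["src"], self.src, self.src_wildcard)
                and wildcard_match(pkt["dst"], self.dst, self.dst_wildcard)
                and self.protocol in (None, pkt["protocol"])
                and self.dscp in (None, pkt["dscp"]))

def evaluate(acl, pkt, default="drop"):
    """Return (action, priority of the first matching ACE, or None if no match)."""
    for ace in sorted(acl, key=lambda e: e.priority):
        if ace.matches(pkt):
            return ace.action, ace.priority
    return default, None                     # default action is an assumption

# Constructed ACL: priority 20 drops all UDP, so the DSCP 46 entry at
# priority 30 can never forward UDP traffic (it is shadowed for UDP).
ACL = [
    ACE(priority=20, action="drop", protocol="udp"),
    ACE(priority=10, action="forward", src="192.168.10.0",
        src_wildcard="0.0.0.255", protocol="tcp"),
    ACE(priority=30, action="forward", dscp=46),
]

if __name__ == "__main__":
    # Constructed packet: UDP marked DSCP 46, dropped by the priority 20 ACE.
    pkt = {"src": "192.168.10.7", "dst": "10.0.0.1", "protocol": "udp", "dscp": 46}
    print(evaluate(ACL, pkt))
```

Running packets through such a model before entering ACEs in the web interface helps catch entries that can never match because an earlier-priority ACE already decides the packet.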
1. Click Advanced Setup > Security Suite > Access Control > IP Based ACL. The IP Based ACL Page opens:
Figure 86: IP Based ACL Page
The IP Based ACL Page contains the following fields:
• ACL Name — Displays the user-defined IP based ACLs.
• Remove ACL — Removes the IP based ACLs. The possible field values are:
  – Checked — Removes the selected IP based ACL.