NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3
• L2 ACLs can apply to one or more interfaces
• Multiple access lists can be applied to a single interface - the sequence number determines the order of execution
• You cannot configure a MAC ACL and an IP ACL on the same interface
• You can assign packets to queues using the assign queue option
• You can redirect packets using the redirect option
Configuring IP ACLs
IP ACLs classify traffic at Layer 3.
Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the following fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• ToS byte
• Protocol number
Note that the order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL will be denied access.
Process
To configure ACLs, follow these steps:
• Create an ACL by specifying a name (MAC ACL) or a number (IP ACL).
• Add new rules to the ACL.
• Configure the match criteria for the rules.
• Apply the ACL to one or more interfaces.
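The two points a practitioner most often gets wrong with these ACLs are the first-match rule ordering and the implicit deny at the end of every list. The following Python model is an added example, not NETGEAR code and not the switch's CLI: it walks the four configuration steps above against the matching semantics described for IP ACLs (ten-rule limit, match on the six listed fields, first match wins, unmatched traffic denied). The ACL numbers, interface names, addresses and ports are constructed for the demonstration; the model binds one IP ACL per interface and leaves interfaces without an ACL unrestricted, which is an assumption made to keep the example small.

```python
"""Model of first-match IP ACL evaluation (added example, not NETGEAR code)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_RULES = 10  # the guide: each ACL is a set of up to ten rules


@dataclass
class Packet:
    """Header fields an IP ACL rule can test (sample packets are constructed)."""
    src: str
    dst: str
    proto: int          # IP protocol number, e.g. 6 = TCP, 17 = UDP, 1 = ICMP
    sport: int = 0      # Layer 4 source port (0 when not applicable)
    dport: int = 0      # Layer 4 destination port
    tos: int = 0        # ToS byte


@dataclass
class Rule:
    """One ACL rule; a field left as None matches anything ('any')."""
    action: str                      # "permit" or "deny"
    src: Optional[str] = None        # CIDR prefix, e.g. "10.1.0.0/16"
    dst: Optional[str] = None
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    tos: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        for prefix, addr in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if prefix is not None and ipaddress.ip_address(addr) not in ipaddress.ip_network(prefix):
                return False
        for want, have in ((self.proto, pkt.proto), (self.sport, pkt.sport),
                           (self.dport, pkt.dport), (self.tos, pkt.tos)):
            if want is not None and want != have:
                return False
        return True


@dataclass
class IPACL:
    number: int                      # IP ACLs are identified by number
    rules: List[Rule] = field(default_factory=list)

    def add_rule(self, rule: Rule) -> None:
        if rule.action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if len(self.rules) >= MAX_RULES:
            raise ValueError(f"ACL {self.number} already holds {MAX_RULES} rules")
        self.rules.append(rule)

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, index of the rule that fired). First match wins;
        a packet no rule permits is denied (implicit deny at the end)."""
        for idx, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, idx
        return "deny", None


class Switch:
    """Binds one inbound IP ACL per interface (assumption; one ACL may serve many)."""
    def __init__(self) -> None:
        self.acls: Dict[int, IPACL] = {}
        self.bindings: Dict[str, int] = {}   # interface name -> ACL number

    def create_acl(self, number: int) -> IPACL:
        self.acls[number] = IPACL(number)
        return self.acls[number]

    def apply(self, number: int, *interfaces: str) -> None:
        if number not in self.acls:
            raise KeyError(f"ACL {number} does not exist")
        for name in interfaces:
            self.bindings[name] = number

    def inbound(self, interface: str, pkt: Packet) -> str:
        """Decide an inbound packet; interfaces without an ACL are unrestricted (assumption)."""
        if interface not in self.bindings:
            return "permit"
        return self.acls[self.bindings[interface]].evaluate(pkt)[0]


def build_demo_switch() -> Switch:
    """The guide's four steps, with constructed addresses, ports and interface names."""
    sw = Switch()
    acl = sw.create_acl(101)                              # step 1: create by number
    # steps 2 and 3: add rules and their match criteria. The host-specific permit
    # is placed before the subnet-wide deny; reversed, it could never fire.
    acl.add_rule(Rule("permit", src="10.1.1.5/32", proto=6, dport=22))
    acl.add_rule(Rule("deny", src="10.1.0.0/16", proto=6, dport=22))
    acl.add_rule(Rule("permit", src="10.1.0.0/16"))
    sw.apply(101, "1/0/1", "1/0/2")                      # step 4: bind to interfaces
    return sw


def misordered_acl() -> IPACL:
    """Same rules with the deny first: the host-specific permit is dead."""
    acl = IPACL(102)
    acl.add_rule(Rule("deny", src="10.1.0.0/16", proto=6, dport=22))
    acl.add_rule(Rule("permit", src="10.1.1.5/32", proto=6, dport=22))
    return acl
```

Running `build_demo_switch().inbound("1/0/1", Packet("192.0.2.10", "10.1.9.1", 6, 40000, 80))` returns `"deny"` although no rule mentions that source: that is the implicit deny the guide warns about, and it is why binding an ACL to a port with only deny rules cuts off all traffic on it. `misordered_acl()` shows the ordering failure, where the first matching rule decides and the later permit is unreachable.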
12-2
v1.0, November 2008
Access Control Lists (ACLs)