Chapter 10. ACL; Overview; Supported ACLs - Motorola WS5100 Series Migration Guide

This chapter provides detailed feature and configuration information for the ACL features.

• Overview
• Firewall
• Network Address Translation
• Configuring ACL using CLI
• Configuring ACL using the Web UI

10.1 Overview
An Access Control List (ACL) is a sequential collection of permit and deny conditions that apply to packets.
When a packet is received on an interface, the WS5100 Switch compares the fields in the packet against
any applied ACLs. It verifies whether the packet has the required permissions to be forwarded based on the
criteria specified in the access lists. This concept is known as packet filtering, and it helps to limit network
traffic and restrict network usage by certain users or devices.
An ACL contains an ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set of
conditions that a packet must satisfy in order to match the ACE. The order of conditions in the list is critical
because the WS5100 Switch stops testing conditions after the first match.
The WS5100 Switch supports two types of ACLs:
1. IP ACLs — Filter IP traffic, including TCP, UDP, and ICMP. These include Standard and Extended ACLs.
2. MAC ACLs — Filter non-IP traffic. Only Extended ACLs are supported.
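
The first-match rule described above can be modelled in a few lines of Python. This is an added example, not taken from the Motorola guide: the ACE fields, the `evaluate` and `shadowed` helpers and the sample addresses are constructed for illustration and are not WS5100 CLI syntax. It shows the same two ACEs giving opposite results in different orders, and flags ACEs that can never match because an earlier entry covers them; what the switch does with a packet that matches no ACE is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class ACE:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    proto: str = "ip"            # "ip" matches any IP protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.proto in ("ip", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

    def covers(self, other: "ACE") -> bool:
        """True if every packet matching `other` also matches this ACE."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.proto in ("ip", other.proto)
                and self.dport in (None, other.dport))

def evaluate(acl, pkt):
    """Return (action, index) of the first matching ACE, or (None, None)."""
    for i, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, i      # first match wins; later ACEs are not tested
    return None, None                 # unmatched: handling not modelled here

def shadowed(acl):
    """Indexes of ACEs that can never match because an earlier ACE covers them."""
    return [j for j, later in enumerate(acl)
            if any(earlier.covers(later) for earlier in acl[:j])]

# Constructed sample: the same two ACEs, evaluated in two different orders.
BROAD = ACE("permit", "10.0.0.0/8")
NARROW = ACE("deny", "10.1.1.0/24", "tcp", 23)
PKT = {"src": "10.1.1.7", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, acl in (("broad first", [BROAD, NARROW]),
                      ("narrow first", [NARROW, BROAD])):
        print(name, evaluate(acl, PKT), "shadowed:", shadowed(acl))
```

Running the shadow check over a rule set before it is applied catches specific entries that were placed below a broader one and would therefore never take effect.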

10.1.1 Supported ACLs

The WS5100 Switch supports the following applications of ACLs to filter traffic:
• Router ACLs — These are applied to VLAN (Layer 3) interfaces. These ACLs filter traffic based on Layer
3 parameters like Source IP, Destination IP, Protocol types and Port Numbers. They are applied on packets
which are routed through the box.
• Port ACLs — These are applied to traffic entering a Layer 2 interface. Only switched packets are
subjected to this kind of ACL. Traffic filtering is based on Layer 2 parameters like–Source MAC,