Port ACLs; Wireless LAN ACLs; ACL Actions - Motorola WS5100 Series Migration Guide


10.1.1.2 Port ACLs

The WS5100 supports Port ACLs on physical interfaces only, and for inbound traffic only. The following types of
Port ACLs are supported, distinguished by their matching criteria:
• Standard IP ACL — Uses the source IP address as its matching criterion.
• Extended IP ACL — Uses the source IP address, destination IP address and IP protocol type as its basic
matching criteria. It can also include other parameters specific to a protocol type, such as source and
destination port for the TCP/UDP protocols.
• MAC Extended ACL — Uses the source and destination MAC addresses and the VLAN ID. Optionally, it also
uses ethertype information.
Unlike Router ACLs, Port ACLs are not stateful. Every packet is therefore matched against the configured
ACL rules, and the action defined by the matching rule is taken.
When a Port ACL is applied to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. With
Port ACLs, you can filter:
• IP traffic by using an IP ACL, and
• Non-IP traffic by using MAC addresses.
Both IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an IP ACL and a MAC
ACL to the interface.
You cannot apply more than one IP ACL and one MAC ACL to a Layer 2 interface. If an IP ACL or MAC ACL is
already configured on a Layer 2 interface and a new IP ACL or MAC ACL is applied to the interface, the new
ACL replaces the previously configured one.
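
The binding rules above (inbound only, one IP ACL and one MAC ACL per Layer 2 interface, a newly applied ACL replaces the previous one) can be checked against a change plan before it reaches the switch. The following Python model is an added example, not code from the Motorola guide and not WS5100 CLI syntax; the `Apply` record, the interface names and the ACL names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Apply:
    """One 'apply ACL to port' step in a change plan (hypothetical record)."""
    interface: str          # physical Layer 2 port, e.g. "eth1" (constructed name)
    kind: str               # "ip" (standard/extended IP ACL) or "mac" (MAC extended ACL)
    acl: str                # ACL name (constructed)
    direction: str = "in"   # Port ACLs are inbound only

def audit_port_acl_plan(plan):
    """Replay the plan in order and return (effective bindings, findings)."""
    effective = {}          # (interface, kind) -> ACL left in force
    findings = []
    for step in plan:
        if step.kind not in ("ip", "mac"):
            findings.append(f"{step.interface}: unknown ACL kind {step.kind!r}; step ignored")
            continue
        if step.direction != "in":
            findings.append(f"{step.interface}: {step.acl} requested as {step.direction}; "
                            "Port ACLs filter inbound traffic only")
            continue
        slot = (step.interface, step.kind)
        previous = effective.get(slot)
        if previous is not None and previous != step.acl:
            # The page states the new ACL replaces the old one, so the
            # earlier ACL's rules stop being enforced on this port.
            findings.append(f"{step.interface}: {step.kind} ACL {previous} "
                            f"replaced by {step.acl}")
        effective[slot] = step.acl
    return effective, findings

# Constructed sample plan, not taken from any real configuration.
SAMPLE_PLAN = [
    Apply("eth1", "ip", "BLOCK-TELNET"),
    Apply("eth1", "mac", "KNOWN-HOSTS"),
    Apply("eth1", "ip", "PERMIT-WEB"),            # silently displaces BLOCK-TELNET
    Apply("eth2", "ip", "EGRESS-FILTER", "out"),  # not valid for a Port ACL
]

if __name__ == "__main__":
    effective, findings = audit_port_acl_plan(SAMPLE_PLAN)
    for (interface, kind), acl in sorted(effective.items()):
        print(f"{interface} {kind:<3} -> {acl}")
    for finding in findings:
        print("FINDING:", finding)
```

A replacement finding means the rules of the earlier ACL have to be merged into the new ACL if they are still required on that port.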

10.1.1.3 Wireless LAN ACLs

Wireless LAN ACLs filter or mark packets based on the wireless LAN from which they arrive, rather than
filtering packets that arrive on L2 ports.
In general, a Wireless LAN ACL can be used to filter wireless-to-wireless, wireless-to-wired and
wired-to-wireless traffic. Typical wired-to-wired traffic can be filtered using an L2 port-based ACL rather than
a WLAN ACL.
Each WLAN is assumed to be a virtual L2 port. Configure one IP and one MAC ACL on the virtual WLAN port.
In contrast to L2 ACLs, a WLAN ACL can be enforced in both the inbound and outbound directions.

10.1.2 ACL Actions

Every ACE within an ACL is made up of an action and matching criteria. The action defines what to do with
the packet if it matches the specified matching criteria. The following types of actions are supported:
• deny — Instructs the ACL to drop the packet if it does not match the criteria defined by the ACE.
• permit — Instructs the ACL to allow the packet to go to its destination.
• mark — Modifies certain fields inside the packet and then permits it. Hence mark is an action with an
implicit permit. Using the mark action, the following fields in the packet can be modified:
• VLAN 802.1p priority.