Access Control List Summary - Ubiquiti EdgeSwitch ES-24-250W Administration Manual

EdgeSwitch Administration Guide
™

Access Control List Summary

Use the Access Control List Summary page to add or remove IP-based ACLs. On this menu the interfaces to
which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.
To display the page, click QoS > Access Control Lists > Summary in the navigation menu.
Field
ACL Identifier
ACL Type
Rules Used
Direction
Interface
VLAN
Use the buttons at the bottom of the page to perform the following tasks:
• To add an ACL, click Add, configure the ACL type and ID, and click Submit to apply the changes.
• To configure rules for an ACL, select the ACL and click Edit. Configure the fields on the Access Control List
Configuration page for the selected ACL (see "Access Control List Configuration" on page 232), and
click Submit to apply the changes.
• To remove one or more configured ACLs, select each entry to delete and click Remove. You must confirm
the action before the entry is deleted.
• Click Refresh to refresh the page with the most current data from the switch.
To retain the changes across the switch's next power cycle, click System > Configuration Storage > Save.
Ubiquiti Networks, Inc.
Access Control List Summary
Access Control List Summary Fields
Description
The name or number that identifies the ACL. The permitted identifier depends on the ACL type.
Standard and Extended IPv4 ACLs use numbers within a set range, and Named IPv4 and MAC ACLs use
alphanumeric characters.
The type of ACL. The ACL type determines the criteria that can be used to match packets. The type also
determines which attributes can be applied to matching traffic. IPv4 ACLs classify Layer-3 and Layer-4
IPv4 traffic, IPv6 ACLs classify Layer-3 and Layer-4 IPv6 traffic, and MAC ACLs classify Layer-2 traffic. The
ACL types are as follows:
IPv4 Standard
• Match criteria is based on the source address of IPv4 packets.
• IPv4 Extended Match criteria can be based on the source and destination addresses, source and
destination Layer-4 ports, and protocol type of IPv4 packets.
• IPv4 Named Match criteria is the same as IPv4 Extended ACLs, but the ACL ID can be an
alphanumeric name instead of a number.
• IPv6 Named Match criteria can be based on information including the source and destination
IPv6 addresses, source and destination Layer-4 ports, and protocol type within IPv6 packets.
Extended MAC
• Match criteria can be based on the source and destination MAC addresses, 802.1p
user priority, VLAN ID, and EtherType value within Ethernet frames.
The number of rules currently configured for the ACL.
Indicates whether the packet is checked against the rules in an ACL when it is received on an interface
(Inbound) or after it has been received, routed, and is ready to exit an interface (Outbound).
The interface(s) to which the ACL has been applied.
Each VLAN to which the ACL has been applied.
Configuring Quality of Service
231