Access Control List Configuration - Ubiquiti EdgeSwitch ES-24-250W Administration Manual

EdgeSwitch Administration Guide
™

Access Control List Configuration

Use the Access Control List Configuration page to configure rules for existing ACLs on the system and to view
summary information about rules that have been added to an ACL. Each ACL rule is configured to match one
or more aspects of traffic on the network. When a packet matches all the conditions in a rule, it is handled
according to the rule's configured action (permit or deny) and attributes. Each ACL can have multiple rules,
but the final rule for every ACL is an implicit deny all rule.
To display the page, click QoS > Access Control Lists > Configuration in the navigation menu.
Field
ACL Identifier
Rule
ACL Type
Status
Action
Match Conditions
Rule Attributes
Ubiquiti Networks, Inc.
Access Control List Configuration
Access Control List Configuration Fields
Description
This drop-down list contains the ID for each ACL on the system. To add or remove a rule, first select
the associated ACL's ID from this list. For ACLs with alphanumeric names, click
ID. The ID of a Named IPv4 ACL must begin with a letter, and not a number. The ACL identifier for IPv4
Standard and IPv4 Extended ACLs cannot be changed.
The number that identifies the rule. A number is automatically assigned to a rule when it is created.
Rules are added in the order they are created and cannot be renumbered. Packets are checked against
the rule criteria in order, from the lowest-numbered rule to the highest. When the packet matches the
criteria in a rule, it is handled according to the rule action and attributes. If no rule matches a packet,
the packet is discarded based on the implicit deny all rule, which is the final rule in every ACL.
The type of ACL. The ACL type determines the criteria that can be used to match packets. The type
also determines which attributes can be applied to matching traffic.
Indicates whether the ACL is active. If the ACL is a time-based ACL that includes a time range, the ACL
is active only during the periods specified within the time range. If an ACL does not include a time
range, the status is always active.
The action to take when a packet or frame matches the criteria in the rule:
• Permit The packet or frame is forwarded.
• Deny The packet or frame is dropped.
Note: When configuring ACL rules in the Add Access Control List Rule window, the selected action
determines which fields can be configured. Not all fields are available for both Permit and Deny actions.
The criteria used to determine whether a packet or frame matches the ACL rule.
Each action, beyond the basic Permit and Deny actions, to perform on the traffic that matches the rule.
Configuring Quality of Service
to change the ACL
232