Configuring ACLs; ACL Overview - Motorola WS5100 Series Reference Manual

5. Refer to the Status field for the state of the requests made from the applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
6. Click OK to use the changes to the running configuration and close the dialog.
7. Click Cancel to close the dialog without committing updates to the running configuration.

6.5 Configuring ACLs

An Access Control List (ACL) is a sequential collection of permit and deny conditions that apply to switch
data packets. When a packet is received on an interface, the switch compares the fields in the packet against
any applied ACLs to verify the packet has the required permissions to be forwarded, based on the criteria
specified in the access lists.
NOTE: If a packet does not meet any of the criteria specified in the ACL, the packet is
dropped.
Use the ACL screen to view, add and configure access control configurations. Typically, an ACL consists of
a series of entries, each called an Access Control Entry (ACE). Each ACE defines the access rights for a user in
relationship to the switch. When access is attempted, the operating system uses the ACL to determine
whether the user has switch access permissions. The ACL screen displays four tabs supporting the following
ACL configuration activities:
• Configuring an ACL
• Attaching an ACL
• Attaching an ACL on a WLAN Interface/Port
• Reviewing ACL Statistics
NOTE: For an overview of how the switch uses an ACL to filter permissions to the switch
managed network, go to ACL Overview on page 6-17.

6.5.1 ACL Overview

An ACL contains an ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set of
conditions that a packet must satisfy in order to match the ACE. The order of conditions in the list is critical
because the switch stops testing conditions after the first match.
The switch supports the following ACLs to filter traffic:
• Router ACLs — Applied to VLAN (Layer 3) interfaces. These ACLs filter traffic based on Layer 3
parameters like source IP, destination IP, protocol types and port numbers. They are applied on packets
routed through the switch. Router ACLs can be applied to inbound traffic only, not both directions.
• Port ACLs — Applied to traffic entering a Layer 2 interface. Only switched packets are subject to this
kind of ACL. Traffic filtering is based on Layer 2 parameters like source MAC, destination MAC,
Ethertype, VLAN-ID and 802.1p bits, or on Layer 3 parameters like source IP, destination IP, protocol and port
number.
NOTE: Port and router ACLs can be applied only in an inbound direction. WLAN ACLs
support applying ACLs in the inbound and outbound direction.
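
The first-match rule and the drop-on-no-match behavior described above, modeled in Python as an added example (not code or CLI syntax from the manual or the switch). The ACE fields, sample addresses and the `shadowed` check are assumptions made for illustration; the check flags an entry only when a single earlier entry fully covers it.

```python
# Added example: models first-match ACL evaluation; not WS5100 code or CLI syntax.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class ACE(NamedTuple):           # field layout is an assumption for this model
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: Optional[str]         # "tcp", "udp", or None for any protocol
    dport: Optional[int]         # destination port, or None for any port

def matches(ace, pkt):
    """True when the packet satisfies every condition in the ACE."""
    return (ip_address(pkt["src"]) in ip_network(ace.src)
            and ip_address(pkt["dst"]) in ip_network(ace.dst)
            and ace.proto in (None, pkt["proto"])
            and ace.dport in (None, pkt["dport"]))

def evaluate(acl, pkt):
    """Return (action, index of deciding ACE); index None means no ACE matched."""
    for i, ace in enumerate(acl):
        if matches(ace, pkt):
            return ace.action, i     # first match wins; later ACEs are not tested
    return "deny", None              # no ACE matched: the packet is dropped

def covers(a, b):
    """True when every packet matching ACE b also matches ACE a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in (None, b.proto)
            and a.dport in (None, b.dport))

def shadowed(acl):
    """Indexes of ACEs that can never decide a packet: an earlier ACE covers them."""
    return [j for j, b in enumerate(acl)
            if any(covers(a, b) for a in acl[:j])]

# Constructed sample data: the same two entries in two different orders.
PERMIT_LAN = ACE("permit", "10.1.0.0/16", "0.0.0.0/0", None, None)
DENY_TELNET = ACE("deny", "10.1.0.0/16", "192.168.0.0/24", "tcp", 23)
BROAD_FIRST = [PERMIT_LAN, DENY_TELNET]      # the deny entry is never reached
SPECIFIC_FIRST = [DENY_TELNET, PERMIT_LAN]   # the deny entry takes effect

TELNET = {"src": "10.1.5.9", "dst": "192.168.0.10", "proto": "tcp", "dport": 23}
OUTSIDE = {"src": "172.16.0.4", "dst": "192.168.0.10", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, acl in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(acl, TELNET), evaluate(acl, OUTSIDE), shadowed(acl))
```

Running a check like `shadowed` over an ACL before attaching it catches deny entries that were placed below a broader permit and therefore never take effect.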
