ES4710BD 10 Slots L2/L3/L4 Chassis Switch
Chapter 12 ACL Configuration
12.1Introduction to ACL
ACL (Access Control List) is an IP packet filtering mechanism employed in switches, providing network traffic control by granting or denying access through the switches, effectively safeguarding the security of networks. The user can lay down a set of rules according to some information specific to packets, each rule describes the action for a packet with certain information matched: “permit” or “deny”. The user can apply such rules to the incoming or outgoing direction of switch ports, so that data streams in the specific direction of specified ports must comply with the ACL rules assigned.
12.1.1Access list
Access list is a sequential collection of conditions that corresponds to a specific rule. Each rule consists of filter information and the action when the rule is matched. Information included in a rule is the effective combination of conditions such as source IP, destination IP, IP protocol number and TCP port. Access lists can be categorized by the following criteria:
zFilter information based criterion: IP access list (layer 3 or higher information), MAC access list (layer 2 information), and
zConfiguration complexity based criterion: standard and extended, the extended mode allows more specific filtering of information.
zNomenclature based criterion: numbered and named.
Description of an ACL should cover the above three aspects.
12.1.2Access-group
When a set of access lists are created, they can be applied to traffic of any direction on all ports.
12.1.3Access list Action and Global Default Action
There are two access list actions and default actions: “permit” or “deny”
266
