Access control list commands, Access control list commands -122 – SMC Networks SMC TigerStack III SMC6824MPE User Manual

C

OMMAND

L

INE

I

NTERFACE

4-122

Access Control List Commands

Access Control Lists (ACL) provide packet filtering for IP frames (based on
address, protocol, Layer 4 protocol port number or TCP control code) or any
frames (based on MAC address or Ethernet type). To filter packets, first
create an access list, add the required rules, specify a mask to modify the
precedence in which the rules are checked, and then bind the list to a specific
port.

Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. This switch tests
ingress or egress packets against the conditions in an ACL one by one. A
packet will be accepted as soon as it matches a permit rule, or dropped as
soon as it matches a deny rule. If no rules match for a list of all permit rules,
the packet is dropped; and if no rules match for a list of all deny rules, the
packet is accepted.

There are three filtering modes:

•

Standard IP ACL mode (STD-ACL) filters packets based on the source
IP address.

•

Extended IP ACL mode (EXT-ACL) filters packets based on source or
destination IP address, as well as protocol type and protocol port
number. If the TCP protocol is specified, then you can also filter packets
based on the TCP control code.

•

MAC ACL mode (MAC-ACL) filters packets based on the source or
destination MAC address and the Ethernet frame type (RFC 1060).

•

The following restrictions apply to ACLs: