Configuring ip acls – NETGEAR 7000 Series Managed Switch User Manual
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2
Access Control Lists (ACLs)
v1.0, May 2008
• Destination MAC address with mask
• VLAN ID (or range of IDs)
• Class of Service (CoS) (802.1p)
• Ethertype
• L2 ACLs can apply to one or more interfaces
• Multiple access lists can be applied to a single interface; the sequence number determines the order of execution
• You cannot configure a MAC ACL and an IP ACL on the same interface
• You can assign packets to queues using the assign queue option
• You can redirect packets using the redirect option
Configuring IP ACLs
IP ACLs classify traffic at Layer 3.
Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the following fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• ToS byte
• Protocol number
Note that the order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL will be denied access.
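The first-match and implicit-deny behaviour described above, modelled in Python as an added example (this is not NETGEAR code; the rule fields, the packet dictionary keys and the shadowed-rule check are this example's own assumptions). Evaluating the same packet against the same two rules in different orders shows why rule order matters, and the shadowing check flags a rule that an earlier, broader rule prevents from ever firing:

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MAX_RULES = 10  # each ACL holds at most ten rules, as stated above
SCALARS = ("proto", "src_port", "dst_port", "tos")


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    src: Optional[str] = None       # source network, e.g. "10.0.0.0/8"; None = any
    dst: Optional[str] = None       # destination network
    proto: Optional[int] = None     # IP protocol number (6 = TCP, 17 = UDP)
    src_port: Optional[int] = None  # Layer 4 source port
    dst_port: Optional[int] = None  # Layer 4 destination port
    tos: Optional[int] = None       # ToS byte

    def matches(self, pkt: dict) -> bool:
        """True if the packet satisfies every field this rule constrains."""
        for net, addr in ((self.src, pkt["src"]), (self.dst, pkt["dst"])):
            if net and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
                return False
        return all(getattr(self, f) is None or pkt.get(f) == getattr(self, f)
                   for f in SCALARS)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` would already match self."""
        for mine, theirs in ((self.src, other.src), (self.dst, other.dst)):
            if mine is not None and (theirs is None or not
                    ipaddress.ip_network(theirs).subnet_of(ipaddress.ip_network(mine))):
                return False
        return all(getattr(self, f) is None or getattr(other, f) == getattr(self, f)
                   for f in SCALARS)


def evaluate(acl: List[Rule], pkt: dict) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    if len(acl) > MAX_RULES:
        raise ValueError("ACL exceeds the ten-rule limit")
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny once an ACL is bound to the port


def shadowed(acl: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(acl)) if any(acl[i].covers(acl[j]) for i in range(j))]
```

Run `shadowed()` over a candidate ACL before binding it to a port; a non-empty result means a later rule is dead and the list probably needs reordering.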