Overview, Classifier number ranges, Filtering criteria – Allied Telesis AT-FS970M Series User Manual

Chapter 20: Access Control Lists (ACL)

232

Overview

Access Control Lists (ACLs) act as filters to control the ingress packets on
ports. They are commonly used to restrict the types of packets that ports
accept to increase port security and create physical links dedicated to
carrying specific types of traffic. For instance, you can configure ACLs to
permit ports to accept only ingress packets that have a specific source IP
address or destination IP address.

You create an ACL first and then assign it to a port. ACLs take effect
immediately when they are assigned to ports. To create an ACL, you
assign filtering criteria to select a type of traffic, assign an action of
dropping the traffic, forwarding the traffic to another port, or copying and
mirroring the traffic to another port. The port filters the ingress traffic and
takes an action based on the ACL that is assigned to the port.

Using the AT-FS970M web interface, you can configure two types of
ACLs:



IPv4 ACLs



MAC ACLs

IPv4 ACLs use IPv4 addresses as filtering criteria while MAC ACLs use
only MAC addresses as filtering criteria. For IPv4 ACLs, you can specify
TCP or UDP port numbers to filter the traffic. In addition, IPv4 ACLs are
only compatible with IPv4 addresses. They are not compatible with IPv6
addresses.

Classifier

Number Ranges

IPv4 and MAC ACLs are identified by classifier numbers. When you create
an ACL, you must choose the correct classifier number based on which
ACL you want to create. See the IPv4 and MAC ACL classifier number
ranges displayed in Table 9.

Filtering Criteria

ACLs identify packets using filtering criteria. The AT-FS970M web
interface offers five criteria:



Source and destination IPv4 addresses



Source and destination MAC addresses



Source and destination TCP ports

Table 9. ACL Classifier Number Ranges

Type of ACL

Classifier Number Range

IPv4 ACLs

3000 - 3699

MAC ACLs

4000 - 4699