
Overview, Filtering criteria – Allied Telesis AT-8100 Series User Manual

Page 1524: Filtering criteria


Chapter 98: Advanced Access Control Lists (ACLs)


Overview

Access Control Lists (ACLs) act as filters to control the ingress packets on
ports. They are commonly used to restrict the types of packets ports
accept to increase port security and create physical links dedicated to
carrying specific types of traffic. For instance, you can configure ACLs to
permit ports to accept only ingress packets that have a specific source or
destination IP address.

There are four types of ACLs:

Numbered IPv4 ACLs

Numbered MAC ACLs

Named IPv4 ACLs (and MAC Addresses)

Named IPv6 ACLs

Numbered IPv4 ACLs and Numbered MAC ACLs are identified by ID
numbers. The ID number range for Numbered IPv4 ACLs is 3000 to 3699.
The ID number range for Numbered MAC ACLs is 4000 to 4699. In
addition, Numbered IPv4 ACLs and Numbered MAC ACLs take effect
immediately. You cannot assign them a date or time to begin filtering.
Numbered IPv4 ACLs are only compatible with IPv4 addresses. They are
not compatible with IPv6 addresses.

Both Named IPv4 ACLs and Named IPv6 ACLs are identified by
user-specified names. You can assign both of these types a date and time to
begin and end filtering. In other words, your filtering commands do not
have to take effect immediately. Named IPv4 ACLs are compatible with
IPv4 addresses and MAC addresses. Named IPv6 ACLs are compatible
with IPv6 addresses only.

Filtering Criteria

All types of ACLs identify packets using filtering criteria. There are six
criteria:

Source and destination IP addresses

ICMP source and destination IP addresses

Protocol type

Source and destination TCP ports

Source and destination UDP ports

Source and destination MAC addresses