MAC ACLs, IP ACLs – D-Link UNIFIED WIRED & WIRELESS ACCESS SYSTEM DWS-3000 User Manual
© 2001- 2008 D-Link Corporation. All Rights Reserved.
Wired Configuration Guide
• The order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL is denied access.
MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a
packet:
• Source MAC address
• Source MAC mask
• Destination MAC address
• Destination MAC mask
• VLAN ID
• Class of Service (CoS) (802.1p)
• Ethertype
L2 ACLs can apply to one or more interfaces.
Multiple access lists can be applied to a single interface; the sequence number determines the order of execution.
You can assign packets to queues using the assign queue option.
IP ACLs
IP ACLs classify traffic at Layers 3 and 4.
Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the
contents of a given field should be used to permit or deny access to the network, and may
apply to one or more of the following fields within a packet:
• Destination IP with wildcard mask
• Destination L4 Port
• Every Packet
• IP DSCP
• IP Precedence
• IP TOS
• Protocol
• Source IP with wildcard mask
• Source L4 port
• Destination Layer 4 port
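
The first-match and implicit-deny behaviour described above, as an added Python example that is not from the D-Link manual or the switch firmware. The Rule class, the evaluate function and the sample addresses are hypothetical, and the code assumes the usual wildcard-mask convention in which a 1 bit means the address bit is ignored.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 10                         # the manual: up to ten rules per IP ACL
ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones matches any address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF             # assumed convention: 1 bit = don't care
    return (a & care) == (b & care)


@dataclass
class Rule:                            # hypothetical model of one ACL rule
    action: str                        # "permit" or "deny"
    src: tuple = ANY                   # (address, wildcard mask)
    dst: tuple = ANY
    protocol: Optional[str] = None     # None matches any protocol
    dst_port: Optional[int] = None     # None matches any destination L4 port

    def matches(self, pkt: dict) -> bool:
        return (wildcard_match(pkt["src"], *self.src)
                and wildcard_match(pkt["dst"], *self.dst)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt.get("dst_port")))


def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, matching rule index), index None for the implicit deny."""
    if len(acl) > MAX_RULES:
        raise ValueError("an IP ACL holds at most ten rules")
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i      # first match wins; later rules are ignored
    return "deny", None                # nothing matched: traffic is denied


# Constructed sample ACL: the narrow deny has to precede the broad permit.
ACL = [
    Rule("deny", src=("10.1.1.50", "0.0.0.0"), protocol="tcp", dst_port=22),
    Rule("permit", src=("10.1.1.0", "0.0.0.255")),
]
REORDERED = list(reversed(ACL))        # same rules, broad permit first

if __name__ == "__main__":
    ssh = {"src": "10.1.1.50", "dst": "192.0.2.10", "protocol": "tcp", "dst_port": 22}
    print(evaluate(ACL, ssh), evaluate(REORDERED, ssh))
```

With the rules reversed, the broad permit shadows the deny and the same packet is allowed, which is the kind of ordering mistake worth checking for when reviewing an ACL.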