Allied Telesis AT-8100L/8POE Switch User Manual


 
Chapter 20: Access Control Lists (ACL)
Overview
Access Control Lists (ACLs) act as filters to control the ingress packets on
ports. They are commonly used to restrict the types of packets that ports
accept, both to increase port security and to create physical links
dedicated to carrying specific types of traffic. For instance, you can
configure ACLs to permit ports to accept only ingress packets that have a
specified source or destination IP address.
You create an ACL first and then assign it to a port. ACLs take effect
immediately when they are assigned to ports. To create an ACL, you
assign filtering criteria to select a group of traffic and then assign one
of three actions: dropping the traffic, forwarding the traffic to another
port, or copying and sending the traffic to another port. The port filters
the ingress traffic and takes an action based on the ACL that is assigned
to the port.
Using the AT-8100 Web Interface, you can configure two types of ACLs:
IPv4 ACLs
MAC ACLs
IPv4 ACLs use IPv4 addresses as filtering criteria while MAC ACLs use
only MAC addresses as filtering criteria. For IPv4 ACLs, you can specify
TCP or UDP port numbers to filter the traffic. In addition, IPv4 ACLs are
only compatible with IPv4 addresses. They are not compatible with IPv6
addresses.
Classifier Number Ranges
IPv4 and MAC ACLs are identified by classifier numbers. When you create
an ACL, you must choose the correct classifier number based on which
ACL you want to create. See the IPv4 and MAC ACL classifier number
ranges displayed in Table 8.
Filtering Criteria
ACLs identify packets using filtering criteria. The AT-8100 Web Interface
offers five criteria:
Source and destination IPv4 addresses
Source and destination MAC addresses
Source and destination TCP ports
Table 8. ACL Classifier Number Ranges
Type of ACL    Classifier Number Range
IPv4 ACLs      3000 - 3699
MAC ACLs       4000 - 4699
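
The rules above (classifier number ranges from Table 8, IPv4 ACLs not matching IPv6 addresses, TCP/UDP port filtering only on IPv4 ACLs) can be checked against a planned ACL list before it is entered in the web interface. The Python script below is an added example, not part of the Allied Telesis manual; the dictionary field names, the MAC address notation and the acceptance of an address mask are assumptions.

```python
import ipaddress
import re

# Classifier number ranges from Table 8 of the manual.
CLASSIFIER_RANGES = {"ipv4": range(3000, 3700), "mac": range(4000, 4700)}
# Assumed notation: six hex pairs separated by ':' or '-'.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

# Constructed sample plan; the field names are hypothetical.
PLAN = [
    {"type": "ipv4", "classifier": 3010, "src": "192.0.2.0/24", "dst_port": 443},
    {"type": "ipv4", "classifier": 4001, "src": "2001:db8::1"},
    {"type": "mac", "classifier": 4001, "src": "00:00:5E:00:53:01", "dst_port": 80},
]


def check_acl(entry):
    """Return a list of problems found in one planned ACL entry."""
    kind, number = entry.get("type"), entry.get("classifier")
    if kind not in CLASSIFIER_RANGES:
        return [f"unknown ACL type {kind!r}"]
    span = CLASSIFIER_RANGES[kind]
    problems = []
    if number not in span:
        problems.append(f"classifier {number} outside {span.start}-{span.stop - 1}")
    for key in ("src", "dst"):
        value = entry.get(key)
        if value is None:
            continue
        if kind == "mac":
            if not MAC_RE.match(value):
                problems.append(f"{key}={value!r} is not a MAC address")
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)  # mask optional
        except ValueError:
            problems.append(f"{key}={value!r} is not an IP address")
            continue
        if net.version != 4:
            problems.append(f"{key}={value!r} is IPv6, not usable in an IPv4 ACL")
    for key in ("src_port", "dst_port"):
        port = entry.get(key)
        if port is None:
            continue
        if kind == "mac":
            problems.append(f"{key} set, but MAC ACLs filter on MAC addresses only")
        elif not isinstance(port, int) or not 0 <= port <= 65535:
            problems.append(f"{key}={port!r} is not a valid TCP/UDP port")
    return problems
```

Calling check_acl on each entry of PLAN returns an empty list for the first entry and the specific violations for the other two.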