6.3 Access Lists
An access list is a criteria statement that the switch uses to determine whether to allow or block traffic based on MAC
addresses, IP addresses, or UDP/TCP ports. Access lists can be configured to provide basic security on your
network, and to prevent unnecessary traffic between network segments. Access lists are applied to inbound traffic
only.
When configuring an access list, an argument of ‘priority’ must be specified. The priority of an ACL is important, as
the switch tests addresses of each packet against the criteria in access lists one by one (in the order of the priority)
until it finds a match. One of the arguments in specifying the access list is the ‘mask’ that comes after a MAC
address or IP address. This argument identifies which bits in the address field are to be matched. A “1” indicates that
the bit position must match; a “0” indicates that the position is ignored.
Access lists with a lower priority value are checked before those with higher priority values. The last match
determines whether the software accepts or rejects the address. In case of multiple matches, the match in IP mode
takes precedence over that in MAC mode. Because the switch goes through the whole set of access lists to find
matches, the priority of the ACL is critical.
Important! By default, if no conditions match, the switch allows the address.
The switch supports up to 256 access lists, and MAC address based access lists cannot exceed 64.
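The matching rules above (entries tested in ascending priority value, every entry tested, last match wins, an IP-mode match outranks a MAC-mode match, permit when nothing matches) modelled in Python as an added example; this is not the switch's own code, and the packet field names, the exact way the last-match rule combines with the IP-over-MAC rule, and the sample entries are this example's assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class AclEntry:
    priority: int      # lower value is tested first
    mode: str          # "mac" or "ip"
    address: str       # "aa:bb:cc:dd:ee:ff" or dotted IPv4
    mask: str          # same form; a 1 bit must match, a 0 bit is ignored
    action: str        # "permit" or "deny"
    enabled: bool = True


def _to_int(value: str, mode: str) -> int:
    """Convert a MAC or IPv4 string to an integer for bitwise masking."""
    if mode == "ip":
        return int(IPv4Address(value))
    return int(value.replace(":", "").replace("-", ""), 16)


def matches(entry: AclEntry, packet: dict) -> bool:
    """True when the packet address agrees with the entry on every mask bit set to 1."""
    candidate = packet[entry.mode]          # assumed packet keys: "mac" and "ip"
    mask = _to_int(entry.mask, entry.mode)
    return (_to_int(candidate, entry.mode) & mask) == (_to_int(entry.address, entry.mode) & mask)


def evaluate(acls: list, packet: dict) -> str:
    """Walk all entries in priority order and keep the last match per mode.
    Assumption: an IP-mode match wins over a MAC-mode match regardless of order;
    within one mode the last match wins; no match at all means permit."""
    last = {"mac": None, "ip": None}
    for entry in sorted(acls, key=lambda e: e.priority):
        if entry.enabled and matches(entry, packet):
            last[entry.mode] = entry.action
    if last["ip"] is not None:
        return last["ip"]
    if last["mac"] is not None:
        return last["mac"]
    return "permit"                          # default when no condition matches


# Constructed sample: a MAC entry denies one host, but a later IP entry
# permits its whole subnet, and IP mode takes precedence over MAC mode.
SAMPLE_ACLS = [
    AclEntry(1, "mac", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff", "deny"),
    AclEntry(2, "ip", "192.0.2.0", "255.255.255.0", "permit"),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACLS, {"mac": "00:11:22:33:44:55", "ip": "192.0.2.10"}))
```

The sample shows why an operator auditing a deny entry also has to read every higher-value and IP-mode entry: the host above still gets through.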
An access list is configured in configuration mode using the command and arguments shown below:
access-list name acl1 ?
add Create a new access-list
action Specify the action of the ACL entry
clear Clear ACL entry contents
delete Remove the ACL entry
enable Enable the ACL entry
disable Disable the ACL entry
set Set ACL entry contents
6.3.1 Creating an Access List
To create an access list, use the command below:
Command                                    Purpose
access-list name acl1 add priority 1       Create an access list named ‘acl_name’ with priority 1
6.3.2 Configuring an Access List
To configure an access list, use the command below:
50 Asante IntraCore IC39240/480 User’s Manual