Using Access Control Lists (ACLs)
NOTE: You can enable logging on ACLs and filters that support logging even when the ACLs and filters are
already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or
filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging
enabled, takes effect immediately.
The in | out parameter specifies whether the ACL applies to incoming traffic or outgoing traffic on the interface to
which you apply the ACL. You can apply the ACL to an Ethernet port or virtual interface.
NOTE: If the ACL is for the inbound traffic direction on a virtual routing interface, you also can specify a subset of
ports within the VLAN containing that interface when assigning an ACL to the interface. See “Configuring Named
ACLs” on page 3-18.
USING THE WEB MANAGEMENT INTERFACE
To configure a standard ACL:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to display the list of configuration options.
3. Click on the plus sign next to System or IP to display more configuration options. You can access the ACL
configuration panels from either location.
4. Select the Standard ACL
link.
• If the device does not already have some standard ACLs, the Standard ACL configuration panel is
displayed, as shown in the following example.
• Otherwise, if the device already has some standard ACLs, the Standard ACL table is displayed. This
table lists the configured ACLs. Select the Add Standard ACL
link to display the Standard ACL
configuration panel, as shown in the following example.
5. Change the ACL number in the Standard ACL Number field or use the ACL number displayed in the field.
NOTE: You cannot specify a name.
6. Select the ACL action. You can select Permit or Deny:
• Permit – Forwards traffic or allows management access for the specified IP source.
• Deny – Drops traffic or denies management access for the specified IP source.
3 - 7