NETGEAR 7000 Series Switch User Manual


 
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2
9-2 Access Control Lists (ACLs)
v1.0, May 2008
Destination MAC address with mask
VLAN ID (or range of IDs)
Class of Service (CoS) (802.1p)
Ethertype
L2 ACLs can apply to one or more interfaces
Multiple access lists can be applied to a single interface - sequence number determines the
order of execution
You cannot configure a MAC ACL and an IP ACL on the same interface
You can assign packets to queues using the assign queue option
You can redirect packets using the redirect option
Configuring IP ACLs
IP ACLs classify for Layer 3.
Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the
contents of a given field should be used to permit or deny access to the network, and may apply to
one or more of the following fields within a packet:
Source IP address
Destination IP address
Source Layer 4 port
Destination Layer 4 port
•ToS byte
Protocol number
Note that the order of the rules is important: when a packet matches multiple rules, the first rule
takes precedence. Also, once you define an ACL for a given port, all traffic not specifically
permitted by the ACL will be denied access.