NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2
9-2 Access Control Lists (ACLs)
v1.0, May 2008
• Destination MAC address with mask
• VLAN ID (or range of IDs)
• Class of Service (CoS) (802.1p)
• Ethertype
• L2 ACLs can apply to one or more interfaces
• Multiple access lists can be applied to a single interface - sequence number determines the
order of execution
• You cannot configure a MAC ACL and an IP ACL on the same interface
• You can assign packets to queues using the assign queue option
• You can redirect packets using the redirect option
Configuring IP ACLs
IP ACLs classify for Layer 3.
Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the
contents of a given field should be used to permit or deny access to the network, and may apply to
one or more of the following fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
•ToS byte
• Protocol number
Note that the order of the rules is important: when a packet matches multiple rules, the first rule
takes precedence. Also, once you define an ACL for a given port, all traffic not specifically
permitted by the ACL will be denied access.