220
XS712T Smart Switch
IP ACL
IP ACLs allow network managers to define classification actions and rules for specific ingress
ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, then
some actions can be taken, including dropping the packet or disabling the port. For example,
a network administrator defines an ACL rule that says port number 20 can receive TCP
packets. However, if a UDP packet is received the packet is dropped.
ACLs are composed of access control entries (ACE), or rules, that consist of the filters that
deter
mine traffic classifications.
Use the IP ACL Configuration screen to add or remove IP-based ACLs.
To configure an IP ACL:
1. Select Security
ACL > Advanced IP ACL.
The IP ACL area shows the current size of the ACL table versus the maximum size of the
ACL table. The current size is equal to the number of configured IPv4 ACLs plus the
number of configured MAC ACLs. The maximum size is 100.
2. In
the IP ACL ID field, specify the ACL ID. The ID is an integer in the following range:
• 1–99. Creates an IP S
tandard ACL, which allows you to permit or deny traffic from a
source IP address.
• 100–
199. Creates an IP Extended ACL, which allows you to permit or deny specific
types of layer 3 or layer 4 traffic from a source IP address to a destination IP address.
This type of ACL provides more granularity and filtering capabilities than the standard
IP ACL.
3. Click Add..
Each configured ACL displays the following information:
• Rules. Displays the nu
mber of rules currently configured for the IP ACL.
• Ty
pe. Identifies the ACL as either a standard or extended IP ACL.
To delete an IP ACL
1. Select the check box
next to the IP ACL ID field.
2. Click Delete.