Netgear MS510TXPP User Manual - Page 336
Access Control Lists (ACLs), Sample MAC ACL Configuration
Page 336 highlights
Smart Managed Pro Switches MS510TX and MS510TXPP

• If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet can access port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20.

Access Control Lists (ACLs)

ACLs ensure that only authorized users can access specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.

ACLs are normally used in firewall routers that are positioned between the internal network and an external network, such as the Internet. They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network.

The added packet processing required by the ACL feature does not affect switch performance. That is, ACL processing occurs at wire speed.

Access lists are sequential collections of permit and deny conditions. This collection of conditions, known as the filtering criteria, is applied to each packet that is processed by the switch or the router. The forwarding or dropping of a packet is based on whether or not the packet matches the specified criteria.

Traffic filtering requires the following two basic steps:

1. Create an access list definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign traffic that matches the criteria to a particular queue or redirect the traffic to a particular port. A default deny all rule is the last rule of every list.
2. Apply the access list to an interface in the inbound direction. The switch allows ACLs to be bound to physical ports and LAGs.

The switch supports MAC ACLs, IPv4 ACLs, and IPv6 ACLs.

Sample MAC ACL Configuration

The following example shows how to create a MAC-based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on those ports.

1. On the MAC ACL page, create an ACL with the name Sales_ACL for the Sales department of your network (see Configure a Basic MAC ACL on page 265). By default, this ACL is bound on the inbound direction, which means that the switch examines traffic as it enters the port.
2. On the MAC Rules page, create a rule for the Sales_ACL with the following settings:

Configuration Examples 336 User Manual
![](/manual_guide/products/netgear-ms510tx-user-manual-1a7e2f6/336.png)
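The evaluation model described above (rules checked in sequence, inbound only on bound ports, with the default deny all rule last) can be sketched as follows. This is an added example, not configuration or code from the manual: the MAC addresses, port numbers, the extra deny rule and the mask convention (1 bits are compared) are constructed for illustration and are not the settings the manual lists for Sales_ACL.

```python
from dataclasses import dataclass

def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(parts), 16)

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    src_mac: str
    care_mask: str  # convention of this example only: 1 bits are compared

    def matches(self, frame_src: str) -> bool:
        mask = mac_to_int(self.care_mask)
        return mac_to_int(frame_src) & mask == mac_to_int(self.src_mac) & mask

@dataclass
class MacAcl:
    name: str
    rules: list
    bound_ports: set

    def evaluate(self, in_port: int, frame_src: str) -> tuple:
        """Return (action, reason) for a frame entering in_port."""
        if in_port not in self.bound_ports:
            return ("permit", "ACL not bound to this port")
        for idx, rule in enumerate(self.rules, start=1):
            if rule.matches(frame_src):  # first matching rule decides
                return (rule.action, f"rule {idx}")
        return ("deny", "implicit deny all")  # last rule of every list

# Constructed sample: Sales hosts share the prefix 02:53:41, one host is blocked.
SALES_ACL = MacAcl(
    name="Sales_ACL",
    rules=[
        Rule("deny", "02:53:41:00:00:99", "ff:ff:ff:ff:ff:ff"),
        Rule("permit", "02:53:41:00:00:00", "ff:ff:ff:00:00:00"),
    ],
    bound_ports={6, 7},
)

if __name__ == "__main__":
    for port, src in [(6, "02:53:41:00:00:10"), (6, "02:53:41:00:00:99"),
                      (6, "02:aa:bb:00:00:01"), (1, "02:aa:bb:00:00:01")]:
        print(port, src, SALES_ACL.evaluate(port, src))
```

Swapping the two rules would let the blocked host through, because the broader permit rule would match first; rule order is part of the policy.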