Netgear FS526Tv2 - 24-Port Smart Switch with Gigabit Ports User Guide
Manage Access Control Lists
207
ProSAFE FS526Tv2, FS726Tv2, and FS728TLP Smart Switches
The following table describes the fields of the MAC Binding Table:
Field
Description
Interface
The port or LAG to which the MAC ACL is bound.
Direction
The packet filtering direction for the MAC ACL. The only valid direction is Inbound, which means
that the MAC ACL rule is applied to traffic entering the port or LAG.
that the MAC ACL rule is applied to traffic entering the port or LAG.
ACL Type
The type of ACL to which the port or LAG is bound. This is a fixed field that always shows MAC
ACL.
ACL ID
The name of the ACL to which the port or LAG is bound.
Seq No
The sequence number that specifies the order of the ACL relative to other ACLs to which the port
or LAG is bound.
or LAG is bound.
Manually Configure and Assign IP ACLs
Similar to a MAC ACL, an IP ACL consists of a set of rules that are matched sequentially
against a packet. With an IP ACL, you specify the IP address of the source device,
destination device, or both. When a packet meets the match criteria of a rule, the specified
rule action (permit or deny) is applied, and any additional rules are not checked for a match
for that packet.
against a packet. With an IP ACL, you specify the IP address of the source device,
destination device, or both. When a packet meets the match criteria of a rule, the specified
rule action (permit or deny) is applied, and any additional rules are not checked for a match
for that packet.
For example, you could define an IP ACL rule that specifies that interface number 20 can
receive TCP packets only. If a UDP packet is received on interface number 20, the packet is
dropped.
receive TCP packets only. If a UDP packet is received on interface number 20, the packet is
dropped.
You can specify two types of IP ACLs:
•
Basic IP ACL. Specify an ID in the range of 1 through 99 and configure the rules on the
IP ACL Rules screen. A basic IP ACL lets you permit or deny traffic from a source IP
address.
IP ACL Rules screen. A basic IP ACL lets you permit or deny traffic from a source IP
address.
•
Extended IP ACL. Specify an ID in the range of 100 through 199 and configure the rules
on the Extended IP ACL Rules screen. An extended IP ACL lets you permit or deny
specific types of Layer 3 or Layer 4 traffic from a source IP address to a destination IP
address. This type of ACL provides more granularity and filtering capabilities than the
basic IP ACL.
on the Extended IP ACL Rules screen. An extended IP ACL lets you permit or deny
specific types of Layer 3 or Layer 4 traffic from a source IP address to a destination IP
address. This type of ACL provides more granularity and filtering capabilities than the
basic IP ACL.
These are the basic steps to configure an IP ACL:
1.
Create an IP-based ACL ID (see
2.
Create a rule and assign it to the ACL (see
209 or
212).
3.
Assign the ACL to an interface (see
You can view the IP ACL configuration on the IP Binding Table (see