Netgear M4100-12GF (GSM7212F) - ProSAFE Gigabit L2+ Managed Switch User Manual

 Configuration Examples
 M4100 Series Managed Switch
If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet 
has access to port 5 and port 6. The outgoing packet is stripped of its tag to become 
an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a 
tagged packet with VLAN ID 20.
Access Control Lists
Access control lists (ACLs) ensure that only authorized users can access specific resources 
while blocking any unwarranted attempts to reach network resources.
ACLs are used to provide traffic flow control, restrict contents of routing updates, decide 
which types of traffic are forwarded or blocked, and provide security for the network. ACLs 
are normally used in firewall routers that are positioned between the internal network and an 
external network, such as the Internet. They can also be used on a router positioned between 
two parts of the network to control the traffic entering or exiting a specific part of the internal 
network. The added packet processing required by the ACL feature does not affect switch 
performance. That is, ACL processing occurs at wire speed.
Access lists are a sequential collection of permit and deny conditions. This collection of 
conditions, known as the filtering criteria, is applied to each packet that is processed by the 
switch or the router. The forwarding or dropping of a packet is based on whether or not the 
packet matches the specified criteria. 
Traffic filtering requires the following two basic steps:
1. Create an access list definition. 
   The access list definition includes rules that specify whether traffic matching the criteria is 
   forwarded normally or discarded. Additionally, you can assign traffic that matches the 
   criteria to a particular queue or redirect the traffic to a particular port. A default deny all 
   rule is the last rule of every list. 
2. Apply the access list to an interface in the inbound direction. 
   The managed switch allows ACLs to be bound to physical ports and LAGs. The switch 
   software supports MAC ACLs and IP ACLs. 
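The following model is an added example, not code from the manual or from NETGEAR. It shows how a sequential list with the default deny all rule behaves, including the common mistake of writing a block-list without a final permit. The rule fields, the use of ID 0 for the implicit rule, ascending-ID first-match evaluation, and the MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: int            # assumption: lower IDs are evaluated first
    action: str             # "permit" or "deny"
    src_mac: Optional[str]  # None matches any source MAC

def evaluate(rules, src_mac):
    """Return (action, matching rule ID); ID 0 stands for the implicit deny all."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.src_mac is None or rule.src_mac.lower() == src_mac.lower():
            return rule.action, rule.rule_id   # first match decides
    return "deny", 0                           # default deny all ends every list

# Constructed sample addresses (not from the manual).
SALES_PC = "00:11:22:33:44:55"
ROGUE_PC = "de:ad:be:ef:00:01"
OTHER_PC = "00:aa:bb:cc:dd:ee"

# Allow-list: one explicit permit; everything else hits the implicit deny.
allow_list = [Rule(1, "permit", SALES_PC)]

# Block-list without a final permit: the implicit deny drops all traffic.
broken_block_list = [Rule(1, "deny", ROGUE_PC)]

# Block-list with an explicit permit-any as its last configured rule.
fixed_block_list = [Rule(1, "deny", ROGUE_PC), Rule(2, "permit", None)]

def report(name, rules):
    """Describe the verdict for each sample host under the given list."""
    lines = []
    for mac in (SALES_PC, ROGUE_PC, OTHER_PC):
        action, rid = evaluate(rules, mac)
        via = "implicit deny all" if rid == 0 else f"rule {rid}"
        lines.append(f"{name}: {mac} -> {action} ({via})")
    return lines

if __name__ == "__main__":
    for name, rules in (("allow_list", allow_list),
                        ("broken_block_list", broken_block_list),
                        ("fixed_block_list", fixed_block_list)):
        print("\n".join(report(name, rules)))
```

When reviewing an ACL bound to a port, check which traffic falls through to the implicit rule: anything not explicitly permitted on that port is discarded.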
MAC ACL Sample Configuration
The following example shows how to create a MAC-based ACL that permits Ethernet traffic 
from the Sales department on specified ports and denies all other traffic on those ports. 
1. From the MAC ACL screen, create an ACL with the name Sales_ACL for the Sales 
   department of your network.
See 
By default, this ACL is bound on the inbound direction, which means the switch examines 
traffic as it enters the port.
2. From the MAC Rules screen, create a rule for the Sales_ACL with the following settings: 
ID: 1