Motorola WS5100 用户手册
6-20 WS5100 Series Switch System Reference Guide
6.5.2 Configuring an ACL
Configure an ACL to enforce privilege separation and determine appropriate switch access permissions for
groups and users.
groups and users.
To configure an ACL:
1. Select
Security
>
ACLs
from the main tree menu.
2. Click the
Configuration
tab.
3. The Configuration tab consists of the following two fields:
• ACLs - existing access lists
• Associated Rules - allow/deny rules
The
ACLs
field displays the list of ACLs currently associated with the switch. An ACL contains an ordered
list of ACEs. Each ACE specifies a permit or deny designation and a set of conditions the packet must
satisfy in order to match the ACE. Because the switch stops testing conditions after the first match, the
order of conditions in the list is critical.
satisfy in order to match the ACE. Because the switch stops testing conditions after the first match, the
order of conditions in the list is critical.
4. If an existing ACL no longer satisfies switch access control requirements, select it from amongst the
existing ACLs and click the
Delete
button.
5. Use the
Add
button (within the ACLs field) to add an additional ACL. For more information, see Adding a
6. Refer to the
Associated Rules
field to assess the rules and precedence associated with each ACL. If
necessary, rules and can be added or existing rules modified. For more information, see Adding a New
ACL Rule on page 6-21.
ACL Rule on page 6-21.
6.5.2.1 Adding a New ACL
When a packet is received by the switch, the switch compares the packet against the ACL to verify t the
packet has the required permissions to be forwarded. Often, ACLs need to be added as client permissions
change during switch operation.
packet has the required permissions to be forwarded. Often, ACLs need to be added as client permissions
change during switch operation.