EasyManuals Logo

D-Link xStack DGS-3610 Series User Manual

D-Link xStack DGS-3610 Series
703 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #603 background imageLoading...
Page #603 background image
DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration
44-3
Access lists are usually configured in the following locations of network devices:
Devices between the internal network and external network (such as the Internet)
Devices at the borders of two parts in a network
Devices on the access control port
The execution of the ACL statements must follow the statement order in the table strictly.
Starting from the first statement, once the header of a packet matches a conditional judge
statement in the table, the sequential statements are ignored.
44.1.4 Input/Output ACL, Filtering Domain
Template and Rules
When a device interface receives a packet, the input ACL checks whether the packet
matches an ACE of the input ACL on the interface. When a device interface is ready to
output a packet, the output ACL checks whether the packet matches an ACE of the output
ACL on the interface.
When detailed filtering rules are formulated, all or some of the above eight items may be
used. As long as the packet matches one ACE, the ACL processes the pakcet as the ACE
defined (permit or deny). The ACE of an ACL identifies Ethernet packets according to some
fields of Ethernet packet. The fields include the following:
Layer-2 fields:
48-bit source MAC address (all the 48 bits must be declared)
48-bit destination MAC address (all the 48 bits must be declared)
16-bit layer-2 type field
Layer 3 fields:
Source IP address field (you can specify all the address values of the IP address, or
specify a type of streams of the defined subnet)
Destination IP address field (you can specify all the address values of the IP address, or
specify a type of streams of the defined subnet)
Protocol type fields
Layer 4 fields:
You can specify one TCP source port, destination port, or both
You can specify one UDP source port, destination port, or both
The filtering domain consists of the fields in the packets based on which the packets are
identified and classified when you create an ACE. A filtering domain template is the definition
formed by these field. For example, when one ACE is generated, you want to identify and
classify packets according to the destination IP field of a packet. When another ACE is
generated, you want to identify and classify packets according to the source IP address field

Table of Contents

Other manuals for D-Link xStack DGS-3610 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the D-Link xStack DGS-3610 Series and is the answer not in the manual?

D-Link xStack DGS-3610 Series Specifications

General IconGeneral
BrandD-Link
ModelxStack DGS-3610 Series
CategorySwitch
LanguageEnglish

Related product manuals