Moxa Managed Ethernet Switch (UI_2.0_FW_5.x) User Manual
Benefits of ACL
ACLs support per interface, per packet direction, and per protocol filtering capability. These features can
provide basic protection by f iltering specif ic packets. The main benefits of an ACL are:
• Manage authority of hosts: An ACL can restrict specific devices through MAC address filtering. The
user can deny all packets or only permit packets that come from specific devices.
• Subnet authority management: Conf igure f iltering rules for specific subnet IP addresses. An ACL can
restrict packets from or to specific subnets.
• Network security: The demand f or networking security is growing. An ACL can provide basic
protection that works in a similar manner to an Ethernet f irewall device.
• Control traffic flow by filtering specific protocols: An ACL can filter specific IP protocols such as
TCP or UDP packets.
How an ACL Works
The ACL working structure is based on access lists. Each access list is a filter. When a packet enters into or
exits f rom a switch, the ACL will compare the packet to the rules in the access lists, starting from the first
rule. If a packet is rejected or accepted by the first rule, the switch will drop or pass this packet directly
without checking the rest of the lower-priority rules. In other words, Access Control Lists have “Priority
Index” as an attribute to def ine the priority in the web conf iguration console.
There are two types of settings for an ACL: list settings and rule settings. In order to be created, an Access
Control List needs the f ollowing list settings: Name, Priority Index, Filter Type, and Ports to Apply. Once
created, each Access Control List has its own set of rule settings. Priority Index represents the priority of the
names in the access list. Names at Priority Index 1 have f irst priority in packet f iltering. The Priority Index is
adjustable whenever users need to change the priority. Two types of packet filtering can be used:
• IP based
• MAC Based
MAC Based ACL rules will only apply f or non-IP (or pure Ethernet without IP headers) packets, while IP
Based ACL rules will apply f or the other IP packets. The type affects what detailed rules can be edited. You
can then assign the ports you would like to apply the list to. You can also def ine Ingress and Egress per
port.
After adding a new access control list, you can also create new rules for the access control list. Each ACL
group accepts 10 rules. Rules can filter packets by source and destination IP/MAC address, IP protocol,
TCP/UDP Port, Ethernet Type, and VLAN ID.
After all rules are set, the ACL starts to filter the packets by the rule with the highest Priority Index (smaller
number, higher priority). Once a rule denies or accepts its access, the packet will be dropped or passed.
To Next Page
Loading...
Need help?
General
