The Moxa access control list configuration interface is easy-to-use. Users can quickly establish filtering rules,
manage rule priorities, and view overall settings in the display page.
The ACL Concept
What is ACL?
Access control list is a basic traffic filter for ingress and egress packets. It can examine each Ethernet packet’s
information and take necessary action. Moxa Layer 3 switches provide complete filtering capability. Access list
criteria could include the source or destination IP address of the packets, the source or destination MAC
address of the packets, IP protocols, or other information. The ACL can check these criteria to decide whether
to permit or deny access to a packet.
Benefits of ACL
ACL has per interface, per packet direction, and per protocol filtering capability. These features can provide
basic protection by filtering specific packets. The main benefits of ACL are as follows:
• Manage authority of hosts: ACL can restrict specific devices through MAC address filtering. The user can
deny all packets or only permit packets that come from specific devices.
• Subnet authority management: Configure filtering rules for specific subnet IP addresses. ACL can
restrict packets from or to specific subnets.
• Network security: The demand for networking security is growing. ACL can provide basic protection which
works similarly to an Ethernet firewall device.
• Control traffic flow by filtering specific protocols: ACL can filter specific IP protocols such as TCP or
UDP packets.
How ACL works
ACL working structure is based on access lists. Each access list is a filter. When a packet enters into or exits
from a switch, ACL will compare the packet to the rules in the access lists, starting from the first rule. If a packet
is rejected or accepted by the first rule, the switch will drop or pass this packet directly without checking the
rest of the lower-priority rules. In the other words, Access Control List has “Priority Index” as its attribute to
define the priority in the web configuration console.
There are two types of settings for an ACL: the list settings, and the rule settings. In order to be created, an
Access Control List needs the following list settings: Name, Priority Index, Filter Type, and Ports to Apply. Once
created, each Access Control List has its own set of rule settings. Priority Index represents the priority of the
names in the access list. Names at Priority Index 1 have first priority in packet filtering. The Priority Index is
adjustable whenever users need to change the priority. In this function, there are two types of packet filtering
available:
• IP based
• MAC Based
Filter type defines whether the access list will examine packets based on IP or MAC address. This type affects
what detailed rules can be edited. Then, assign the ports you would like to apply the list to. You can also define
Ingress and Egress per port.
After adding a new access control list, you can also create new rules for the access control list. Each ACL group
accepts 10 rules. Rules can filter packets by source and destination IP/MAC address, IP protocol, TCP/UDP Port,
Ethernet Type, and VLAN ID.
After all rules are set, ACL starts to filter the packets by the rule with the highest Priority Index (smaller number,
higher priority). Once a rule denies or accepts its access, the packet will be dropped or passed.
To Next Page
Loading...
Need help?
General
