Configuration Guide Access Control List Configuration
Access Control List Configuration
Overview
As part of our security solution, ACL is used to provide a powerful data flow filtering function. At
present, our product supports the following access lists:
Standard IP access control list
Extended IP access control list
MAC access control list
MAC extended access control list
Expert extended access control list
IPV6 extended access control list
Depending on the conditions of networks, you can choose different access control lists to control data
flows.
Access Control List Introduction
ACLs is the shortened form of Access Control Lists, or Access Lists. It is also popularly called firewall,
or packet filtering in some documentation. ACL controls the messages on the device interface by
defining some rules: Permit or Deny. According to usage ranges, they can be divided into ACLs and
QoS ACLs.
By filtering the data streams, you can restrict the communication data types in the network and restrict
the users of the network and the device they can use. When data streams pass the switch, ACLs
classify and filter them, that is, check the data streams input from the specified interface and
determine whether to permit or deny them according to the matching conditions.
To sum up, the security ACL is used to control which dataflow is allowed to pass through the network
device. The QoS policy performs priority classification and processing for the dataflow.
ACLs consist of a series of entries, known as Access Control Entry (ACE). Each entry specifies its
matching condition and behavior.
Access list rules can be about the source addresses, destination addresses, upper layer protocols,
time-ranges or other information of data flows.
Why to Configure Access Lists
There are many reasons why we need configure access lists. Some of them are as follows:
Restrict route updating: Control where to send and receive the route updating information.
Restrict network access: To ensure network security, by defining rules, make users unable to
access some services. (When a user only need access the WWW and E-mail services, then
To Next Page
Loading...
