Netgear GS716Tv2 GS716Tv2/GS724Tv3 Software Admin Manual - Page 230
Access Control Lists (ACLs)
GS716Tv2 and GS724Tv3 Software Administration Manual

ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.

ACLs are normally used in firewall routers that are positioned between the internal network and an external network, such as the Internet. They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network.

The added packet processing required by the ACL feature does not affect switch performance. That is, ACL processing occurs at wire speed.

Access lists are a sequential collection of permit and deny conditions. This collection of conditions, known as the filtering criteria, is applied to each packet that is processed by the switch or the router. The forwarding or dropping of a packet is based on whether or not the packet matches the specified criteria.

The GS716T/GS724T switch supports MAC ACLs and IP ACLs.

The match criteria for MAC access lists can include the following information:

• Source MAC address
• Destination MAC address
• EtherType
• VLAN ID
• COS

The match criteria for IP access lists can include the following information:

• Source IP address
• Destination IP address
• IP Protocol
• IP Precedence
• IP DSCP
• Layer 4 Source Port
• Layer 4 Destination Port

Traffic filtering requires the following two basic steps:

B-4 Configuration Examples
v1.0, July 2009
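
The sequential permit/deny evaluation described above, as an added example that is not from the Netgear manual or the switch firmware. It models a subset of the IP ACL match criteria and shows why rule order matters. Assumptions: evaluation stops at the first matching rule, a packet that matches no rule is denied, addresses are written as CIDR prefixes, and all class, function and variable names are hypothetical.

```python
# Added illustration: a model of sequential IP ACL evaluation, not switch code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp", "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    dscp: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # default matches any source
    dst: str = "0.0.0.0/0"          # default matches any destination
    proto: Optional[str] = None     # None: field is not part of the match
    sport: Optional[int] = None
    dport: Optional[int] = None
    dscp: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        optional = ((self.proto, p.proto), (self.sport, p.sport),
                    (self.dport, p.dport), (self.dscp, p.dscp))
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and all(want is None or want == got for want, got in optional))

def evaluate(acl: List[Rule], packet: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that decided); index None = no match."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index   # assumption: first match ends evaluation
    return "deny", None                 # assumption: implicit deny at end of list

# Constructed sample ACL using documentation address ranges.
ACL = [
    Rule("deny", src="192.0.2.0/24", dst="198.51.100.5/32", proto="tcp", dport=23),
    Rule("permit", src="192.0.2.0/24", dst="198.51.100.0/24", proto="tcp"),
    Rule("permit", proto="udp", dport=53),
]
# Same rules with the broad permit first: the Telnet deny can never match.
REORDERED = [ACL[1], ACL[0], ACL[2]]

if __name__ == "__main__":
    telnet = Packet("192.0.2.10", "198.51.100.5", "tcp", sport=40000, dport=23)
    print("original order :", evaluate(ACL, telnet))
    print("reordered      :", evaluate(REORDERED, telnet))
```

Comparing the decision and the deciding rule index for the same packet under both orderings is a quick way to spot a specific deny that a broader permit above it has shadowed.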