Netgear GS716Tv2 GS716Tv2/GS724Tv3 Software Admin Manual - Page 231

GS716Tv2 and GS724Tv3 Software Administration Manual 1. Create an access list definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign traffic that matches the criteria to a particular queue or redirect the traffic to a particular port. A default deny all rule is the last rule of every list. 2. Apply the access list to an interface in the inbound direction. GS716T/GS724T switches allow ACLs to be bound to VLANs, physical ports, and LAGs. Binding an ACL to a VLAN is efficient because you can bind an ACL to a single VLAN that has multiple ports as members instead of binding an ACL to each port. MAC ACL Example Configuration The following example shows how to create a MAC-based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on those ports. 1. From the MAC ACL screen, create an ACL with the name Sales_ACL for the Sales department of your network (See "MAC ACL" on page 5-40). By default, this ACL will be bound on the inbound direction, which means the switch will examine traffic as it enters the port. 2. From the MAC Rules screen, create a rule for the Sales_ACL with the following settings: • ID: 1 • Action: Permit • Assign Queue: 0 • Match Every: False • CoS: 0 • Destination MAC: 01:02:1A:BC:DE:EF • Destination MAC Mask: FF:FF:FF:FF:00:00 • Source MAC: 02:02:1A:BC:DE:EF • Source MAC Mask: FF:FF:FF:FF:00:00 • VLAN ID: 2 For more information about MAC ACL rules, see "MAC Rules" on page 5-42. Configuration Examples B-5 v1.0, July 2009