D-Link DGS-6600-48TS Configuration Guide - Page 415
Configuration Overview, Access Control List Operation, Create a Time Range
View all D-Link DGS-6600-48TS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 415 highlights
Volume 8-Security & Authentication / Chapter 38-Access Control Lists (ACL) Configuration Overview The user can apply access control lists to physical port interfaces to act as ingress check lists. A packet ingressing to a switch port will be checked and matched against the ingress access control list to determine whether to drop or permit the packet. For each individual port, up to one MAC access control list, one IP access control list and one IPv6 access control list can be applied. Be aware that any ingress packet that matches ACL criteria will follow the ACL statement, including control packets such as BPDU, IGMP, etc. Before using an ACL to filter out traffic, the user has to make sure whether the ACL will also filter out all of the traffic, which may be BPDU, IGMP, etc., control packets. Figure 38-1 Access Control List Operation MAC, IP and IPv6 access control lists can be applied to physical ports for traffic filtering. IP basic access control lists can also be applied to upper layer protocol modules such as PIM or route map to control the update of routes Configuration Overview The following section provides an overview for configuring an access control list. 1) Create a Time Range This step is optional and allows the user to define a time range control that can be associated with an ACL entry. If a time range control does not need to be defined for the ACL entry, the user can skip this step and configure an access control list following the steps outlined below. The settings that are configured in the ACLs will take effect as soon as the Switch is powered up and will be retained until the user removes the ACL entry. 2) Setup Criteria for Access Control Lists Multiple criteria can be defined by the user, as either a permit or deny statement. • The Implied "Deny All Traffic" Criteria Statement At the end of every access list is an implied "deny all traffic" criteria statement. Therefore, if a packet does not match any of the defined criteria statements, the packet will be dropped. DGS-6600 Configuration Guide 415