Netgear FS728TLP Web Management User Guide - Page 310
Access Control Lists, Traffic Filtering Concepts
View all Netgear FS728TLP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 310 highlights
ProSAFE FS526Tv2, FS726Tv2, and FS728TLP Smart Switches Packets that enter these ports are tagged with the port VLAN ID. For more information about configuring PVIDs, see Configure Port VLAN IDs for Ports and LAGs on page 85. With the VLAN configuration that you have created, the following situations produce results as described: • If an untagged packet enters port 1, the switch tags it with VLAN ID 10. The packet has access to port 2 and port 3. The outgoing packet is stripped of its tag to leave port 2 as an untagged packet. For port 3, the outgoing packet leaves as a tagged packet with VLAN ID 10. • If a tagged packet with VLAN ID 10 enters port 3, the packet has access to port 1 and port 2. If the packet leaves port 1 or port 2, it is stripped of its tag to leave the switch as an untagged packet. • If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet has access to port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20. Access Control Lists Access control lists (ACLs) ensure that only authorized users have access to specific resources while blocking any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, determine which types of traffic are forwarded or blocked, and provide security for the network. ACLs are normally used in firewall routers that are positioned between the internal network and an external network, such as the Internet. ACLs can also be used on a router or switch positioned between two parts of the network to control the traffic entering or leaving a specific part of the internal network. The additional packet processing that ACLs require does not affect the performance of the smart switch. (ACL processing occurs at wire speed.) ACLs are a sequential collection of permit and deny conditions. This collection of conditions, known as the filtering criteria, is applied to each packet that the router or switch processes. The forwarding or dropping of a packet is based on whether the packet matches the specified criteria. Traffic Filtering Concepts Traffic filtering requires the following two basic steps: 1. Creating an ACL definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign traffic that matches the criteria to a particular queue or redirect the traffic to a particular port. The configuration includes a default deny all IP traffic rule that is the last rule of the IP ACL table and a Configuration Examples 310