Netgear FS728TPv2 FS728TP Software Administration Manual - Page 174

FS728TP Smart Switch Software Administration Manual Configuring Access Control Lists Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. FS728TP Smart Switch software supports IPv4 and MAC ACLs. Note: The FS728TP Smart Switch does not support mixed ACLs on same interface. In other words, you can bind MAC ACLs or IP ACLs to an interface, but you cannot bind both ACL types to an interface. To configure an ACL, first create an IPv4-based or MAC-based ACL ID. Then, create a rule and assign it to a unique ACL ID. Next, define the rules, which can identify protocols, source, and destination IP and MAC addresses, and other packet-matching criteria. Finally, use the ID number to assign the ACL to a port or to a LAG. The Security  ACL folder contains links to the following features: • Basic: • MAC ACL on page 174 • MAC Rules on page 175 • MAC Binding Configuration on page 177 • MAC Binding Table on page 178 • Advanced: • IP ACL on page 179 • IP Rules on page 181 • IP Extended Rule on page 182 • IP Binding Configuration on page 185 • IP Binding Table on page 187 MAC ACL A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. There are multiple steps involved in defining a MAC ACL and applying it to the switch: 1. Use the MAC ACL page to create the ACL ID. 2. Use the MAC Rules page to create rules for the ACL. 3. Use the MAC Binding Configuration page to assign the ACL by its ID number to a port. 174 | Chapter 5: Managing Device Security