Netgear GS110TP GS108T/ GS110TP Smart Switch Software Administration Manual - Page 187

GS108T and GS110TP Smart Switch Software Administration Manual IP ACL IP ACLs allow network managers to define classification actions and rules for specific ingress ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received the packet is dropped. ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications. Use the IP ACL Configuration page to add or remove IP-based ACLs. To display the IP ACL page, click Security  ACL, then click the Advanced  IP ACL link. The IP ACL area shows the current size of the ACL table versus the maximum size of the ACL table. The current size is equal to the number of configured IPv4 plus the number of configured MAC ACLs. The maximum size is 100. To configure an IP ACL: 1. In the IP ACL ID field, specify the ACL ID. The ID is an integer in the following range: • 1-99: Creates an IP Standard ACL, which allows you to permit or deny traffic from a source IP address. • 100-199: Creates an IP Extended ACL, which allows you to permit or deny specific types of layer 3 or layer 4 traffic from a source IP address to a destination IP address. This type of ACL provides more granularity and filtering capabilities than the standard IP ACL. Each configured ACL displays the following information: • Rules. Displays the number of rules currently configured for the IP ACL. • Type. Identifies the ACL as either a standard or extended IP ACL. Chapter 5: Managing Device Security | 187