TP-Link OC200 Omada Controller Software 4.1.5Windows/Linux User Guide - Page 89

Network Security, ACL

Get TP-Link OC200 PDF manuals and user guides View all TP-Link OC200 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

Chapter 4 Configure the Network with Omada SDN Controller 4. 5 Network Security Network Security is a portfolio of features designed to improve the usability and ensure the safety of your network and data. Network security services include ACL, URL Filtering, and Attack Defense, which implement policies and controls on multiple layers of defenses in the network. 4. 5. 1 ACL Overview ACL (Access Control List) allows a network administrator to create rules to restrict access to network resources. ACL rules filter traffic based on specified criteria such as source IP addresses, destination IP addresses, and port numbers, and determine whether to forward the matched packets. These rules can be applied to specific clients or groups whose traffic passes through the gateway, switches and EAPs. The system filters traffic against the rules in the list sequentially. The first match determines whether the packet is accepted or dropped, and other rules are not checked after the first match. Therefore, the order of the rules is critical. By default, the rules are prioritized by their created time. The rule created earlier is checked for a match with higher priority. To reorder the rules, select a rule and drag it to a new position. If no rules match, the device forwards the packet because of an implicit Permit All clause. The system provides three types of ACL: ■■ Gateway ACL After Gateway ACLs are configured on the controller, they can be applied to the gateway to control traffic which is sourced from LAN ports and forwarded to the WAN ports. You can set the Network, IP address, port number of a packet as packet-filtering criteria in the rule. ■■ Switch ACL After Switch ACLs are configured on the controller, they can be applied to the switch to control inbound and outbound traffic through switch ports. You can set the Network, IP address, port number and MAC address of a packet as packet-filtering criteria in the rule. ■■ EAP ACL After EAP ACLs are configured on the controller, they can be applied to the EAPs to control traffic in wireless networks. You can set the Network, IP address, port number and SSID of a packet as packet-filtering criteria in the rule. Configuration To complete the ACL configuration, follow these steps: 7 ) Create an ACL with the specified type. 87

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
87
Chapter 4
Configure the Network with Omada SDN Controller
4. 5 Network Security
Network Security is a portfolio of features designed to improve the usability and ensure the safety
of your network and data. Network security services include
ACL
,
URL Filtering
, and
Attack Defense
,
which implement policies and controls on multiple layers of defenses in the network.
4. 5. 1
ACL
Overview
ACL (Access Control List) allows a network administrator to create rules to restrict access to network
resources. ACL rules filter traffic based on specified criteria such as source IP addresses, destination
IP addresses, and port numbers, and determine whether to forward the matched packets. These rules
can be applied to specific clients or groups whose traffic passes through the gateway, switches and
EAPs.
The system filters traffic against the rules in the list sequentially. The first match determines whether
the packet is accepted or dropped, and other rules are not checked after the first match. Therefore, the
order of the rules is critical. By default, the rules are prioritized by their created time. The rule created
earlier is checked for a match with higher priority. To reorder the rules, select a rule and drag it to a new
position. If no rules match, the device forwards the packet because of an implicit Permit All clause.
The system provides three types of ACL:
Gateway ACL
After Gateway ACLs are configured on the controller, they can be applied to the gateway to control
traffic which is sourced from LAN ports and forwarded to the WAN ports.
You can set the Network, IP address, port number of a packet as packet-filtering criteria in the rule.
Switch ACL
After Switch ACLs are configured on the controller, they can be applied to the switch to control
inbound and outbound traffic through switch ports.
You can set the Network, IP address, port number and MAC address of a packet as packet-filtering
criteria in the rule.
EAP ACL
After EAP ACLs are configured on the controller, they can be applied to the EAPs to control traffic
in wireless networks.
You can set the Network, IP address, port number and SSID of a packet as packet-filtering criteria
in the rule.
Configuration
To complete the ACL configuration, follow these steps:
7 )
Create an ACL with the specified type.