How to use ACL on switch?

An ACL (access control list) restricts network traffic by filtering packets. You can configure ACL profiles for MAC addresses, IPv4 addresses or IPv6 addresses; the criteria in each profile determine which packets are filtered.
This article introduces the different types of profiles you can use to restrict your network, then demonstrates the different actions that you can apply to ports.


Permit: Only traffic that matches the criteria is passed; all other traffic is blocked.
Deny: Traffic that matches the criteria is blocked; all other traffic is permitted.
Shutdown: Traffic that matches the criteria is blocked, and the port is shut down as well.

1. Filter by MAC address with Permit action:

In the first scenario, the network administrator wants to allow PC1 to access the router and block PC2.

   

1. Go to ACL > Create ACL, click the MAC tab and add a profile name.

   

2. Go to ACL > Create ACL > MAC

  1. Select the profile that you created in step 1
  2. Enter the sequence for the profile
  3. Choose the Action; here we use Permit
  4. Enter PC1's MAC address
  5. Enter the router's MAC address

   

3. Go to ACL > ACL Binding, select ports GE1 and GE2, and select the ACL profile to apply.

   

4. With the above configuration, PC1 will be able to access the router even if it connects to GE2, and PC2 will not be able to access the router's web interface.

2. Filter by IP address with Deny action:

In this scenario, the network administrator wants to block the guest network from accessing the web server.

   

1. Go to ACL > Create ACL > IPv4 and create an ACL Profile Name.

   

2. Go to ACL > Create ACE > IPv4

  1. Select the profile that you created in step 1
  2. Choose the Action; here we use Deny
  3. Enter the Protocol
  4. Enter the guest network in the Source IP
  5. Enter the web server in the Destination IP
   

3. Go to ACL > ACL Binding. Select the ports and the IPv4 ACL profile.

   

4. With the above configuration, only the guest network (192.168.2.x) will be unable to access the web server (192.168.188.15).

3. Filter by IPv6 address with Shutdown action:

In this scenario, the network administrator wants to block guests from using IPv6 service, and also shut down the port that the IPv6 packets pass through.

   

1. Go to ACL > Create ACL > IPv6 and create an ACL Profile Name.

   

2. Go to ACL > Create ACE > IPv4

  1. Select the profile that you created in step 1
  2. Choose the Action; here we use Shutdown
  3. Enter the guest network in the Source IP
  4. Enter Any in the Destination IP
   

3. Go to ACL > ACL Binding. Select the ports and the IPv6 ACL profile.

   

4. With the above configuration, the specific port will be shut down if the guest network uses IPv6.
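
The Permit, Deny and Shutdown behavior of the three scenarios above can be checked against a small model before a profile is bound to live ports. The following Python model is an added example, not vendor code or switch firmware; the class and function names, the MAC addresses, the /24 guest prefix and the IPv6 prefixes are constructed for illustration. It assumes one entry per profile and that traffic not matching a Shutdown entry is forwarded.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Ace:                      # hypothetical model of one profile entry
    action: str                 # "permit", "deny" or "shutdown"
    src: str = "any"            # MAC address, IP network, or "any"
    dst: str = "any"

@dataclass
class Port:                     # hypothetical model of a port with a bound profile
    name: str
    ace: Ace
    up: bool = True

def _match(rule: str, value: str) -> bool:
    if rule == "any":
        return True
    try:                        # IPv4/IPv6: address inside the configured network
        return ipaddress.ip_address(value) in ipaddress.ip_network(rule, strict=False)
    except ValueError:          # not an IP: compare as MAC address
        return rule.lower() == value.lower()

def forward(port: Port, src: str, dst: str) -> bool:
    """Return True if the frame is forwarded on this port."""
    if not port.up:
        return False            # a shut-down port forwards nothing
    hit = _match(port.ace.src, src) and _match(port.ace.dst, dst)
    if port.ace.action == "permit":
        return hit              # only matching traffic passes
    if port.ace.action == "shutdown" and hit:
        port.up = False         # a match also disables the port
    return not hit              # deny/shutdown: non-matching traffic passes (assumed for shutdown)

# Constructed sample addresses (not from the article)
PC1, PC2, ROUTER = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:fe"

def scenario_mac():             # scenario 1: PC1 passes, PC2 is blocked
    ge1 = Port("GE1", Ace("permit", PC1, ROUTER))
    return forward(ge1, PC1, ROUTER), forward(ge1, PC2, ROUTER)

def scenario_ipv4():            # scenario 2: guest blocked, another subnet passes
    p = Port("GE1", Ace("deny", "192.168.2.0/24", "192.168.188.15"))
    return forward(p, "192.168.2.10", "192.168.188.15"), forward(p, "192.168.1.10", "192.168.188.15")

def scenario_ipv6():            # scenario 3: one guest packet takes the port down
    p = Port("GE1", Ace("shutdown", "2001:db8:2::/64", "any"))
    srcs = ["2001:db8:1::5", "2001:db8:2::5", "2001:db8:1::5"]  # other, guest, other
    return [forward(p, s, "2001:db8:ffff::1") for s in srcs], p.up
```

The model makes two side effects visible: the Permit profile also blocks PC1 traffic to any destination other than the router, and after a Shutdown match every host on that port loses connectivity, not only the guest.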
