Use ACL with Different Actions

ACL (Access Control List) limit the network access and add a layer of security to your network. With VigorSwitch, you can filter the network traffic by MAC addresses, IPv4 addresses or IPv6 addresses. This article introduces how to use different types and actions of ACL.

Permit: Only pass the matched criteria, filter out the others
Deny: Filter the traffic which matches the criteria, accept the others.
Shutdown: Filter the traffic which matches the criteria and shut down the port.

Filter by MAC address with action Permit

In the first scenario, the Network administrator would like to allow PC1 can access router and block PC2.

1. Go to ACL > Create ACL, click MAC tab and add a profile name.

a screenshot of VigorSwitch ACL

2. Go ACL > Create ACL > MAC

  1. Select the profile that you’ve created in step1
  2. Put the sequence for the profile
  3. Choose the Action, here we put Permit
  4. Put PC1 MAC address
  5. Put router MAC address 
a screenshot of VigorSwitch ACL

3. Go to ACL > ACL Binding, select the port GE1 GE2, and choose the ACL profile to apply.

a screenshot of VigorSwitch ACL

4. With the above configuration, PC1 will able to access the router even it connects to GE2, PC2 cannot able to access the router’s web.

Filter by IP address with action Deny

In this scenario, the network administrator would like to block the guest network to access the web server.

1. Go to ACL > Create ACL > IPv4. Create an ACL Profile Name

a screenshot of VigorSwitch ACL

2. Go to ACL > Create ACE > IPv4

  1. Select the profile that you’ve created in step1
  2. Choose the Action, here we put Deny
  3. Put the Protocol
  4. Put Guest network in the Source IP
  5. Put web server in the Destination IP
a screenshot of VigorSwitch ACL

3. Go to ACL > ACL Binding, select ports, IPv4 ACL profile

a screenshot of VigorSwitch ACL

4. With the above configuration, only the guest network (192.168.2.x) will not be able to access the web server(192.168.188.15)

Filter by IPv6 address with Shutdown action Shutdown

In this scenario, the network administrator wants to block guests to use IPv6 service, and also shut down the port that IPv6 packets pass through.

1. Go to ACL > Create ACL > IPv6. Create an ACL Profile Name

a screenshot of VigorSwitch ACL

2. Go to ACL > Create ACE > IPv4

  1. Select the profile that you’ve created in step1
  2. Choose the Action, here we put Shutdown
  3. Put Guest network in the Source IP
  4. Put Any in the Destination IP
a screenshot of VigorSwitch ACL

3. Go to ACL > ACL Binding, select ports, IPv6 ACL profile.

a screenshot of VigorSwitch ACL

4. With the above configuration, the specific port will be shut down if guest network using IPv6.

Published On: Nov 27, 2018 

Was this helpful?     


Related Articles