Use ACL with Different Actions

ACLs (Access Control Lists) limit network access and add a layer of security to your network. With VigorSwitch, you can filter network traffic by MAC address, IPv4 address or IPv6 address. This article shows how to use the different ACL types and actions.

Permit: Pass only the traffic that matches the criteria and filter out everything else.
Deny: Filter the traffic that matches the criteria and accept everything else.
Shutdown: Filter the traffic that matches the criteria and shut down the port.

Filter by MAC address with action Permit

In the first scenario, the network administrator would like to allow PC1 to access the router and block PC2.

1. Go to ACL > Create ACL, click the MAC tab and add a profile name.

a screenshot of VigorSwitch ACL

2. Go to ACL > Create ACL > MAC

  1. Select the profile that you created in step 1
  2. Enter the sequence for the profile
  3. Choose the Action; here we use Permit
  4. Enter PC1's MAC address
  5. Enter the router's MAC address
a screenshot of VigorSwitch ACL

3. Go to ACL > ACL Binding, select ports GE1 and GE2, and choose the ACL profile to apply.

a screenshot of VigorSwitch ACL

4. With the above configuration, PC1 will be able to access the router even if it connects to GE2, while PC2 will not be able to access the router's web interface.

Filter by IP address with action Deny

In this scenario, the network administrator would like to block the guest network from accessing the web server.

1. Go to ACL > Create ACL > IPv4. Create an ACL Profile Name.

a screenshot of VigorSwitch ACL

2. Go to ACL > Create ACE > IPv4

  1. Select the profile that you created in step 1
  2. Choose the Action; here we use Deny
  3. Enter the Protocol
  4. Enter the guest network as the Source IP
  5. Enter the web server as the Destination IP
a screenshot of VigorSwitch ACL

3. Go to ACL > ACL Binding, select the ports and the IPv4 ACL profile.

a screenshot of VigorSwitch ACL

4. With the above configuration, only the guest network (192.168.2.x) will not be able to access the web server (192.168.188.15).

Filter by IPv6 address with action Shutdown

In this scenario, the network administrator wants to block guests from using IPv6 service, and also shut down the port that the IPv6 packets pass through.

1. Go to ACL > Create ACL > IPv6. Create an ACL Profile Name.

a screenshot of VigorSwitch ACL

2. Go to ACL > Create ACE > IPv4

  1. Select the profile that you created in step 1
  2. Choose the Action; here we use Shutdown
  3. Enter the guest network as the Source IP
  4. Enter Any as the Destination IP
a screenshot of VigorSwitch ACL

3. Go to ACL > ACL Binding, select the ports and the IPv6 ACL profile.

a screenshot of VigorSwitch ACL

4. With the above configuration, the specific port will be shut down if the guest network uses IPv6.
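The three scenarios above can be checked against a small model of the Permit, Deny and Shutdown actions before a profile is bound to a port. This is an added example, not DrayTek code or the switch's own logic. The MAC addresses, the IPv6 prefix, the port names GE3 and GE4, first-match evaluation by sequence, and the handling of unmatched traffic are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Ace:
    sequence: int
    action: str  # "permit", "deny" or "shutdown"
    src: str     # MAC address, IP network in CIDR form, or "any"
    dst: str

@dataclass
class Port:
    name: str
    aces: list = field(default_factory=list)  # ACEs of the bound profile
    up: bool = True

def matches(criterion, value):
    if criterion == "any":
        return True
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(criterion)
    except ValueError:  # not an IP address: compare as MAC strings
        return criterion.lower() == value.lower()

def ingress(port, src, dst):
    """Decide 'forward' or 'drop' for one frame/packet arriving on port."""
    if not port.up:
        return "drop"
    for ace in sorted(port.aces, key=lambda a: a.sequence):
        if matches(ace.src, src) and matches(ace.dst, dst):
            if ace.action == "permit":
                return "forward"
            if ace.action == "shutdown":
                port.up = False  # port stays down for all later traffic
            return "drop"
    # Nothing matched. Assumption: Permit filters the rest, Deny/Shutdown accept it.
    return "drop" if any(a.action == "permit" for a in port.aces) else "forward"

# Constructed sample values (only 192.168.2.x and 192.168.188.15 are from the article)
PC1, PC2, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:ff"
GUEST4, WEB, GUEST6 = "192.168.2.0/24", "192.168.188.15", "2001:db8:2::/64"

if __name__ == "__main__":
    ge2 = Port("GE2", [Ace(1, "permit", PC1, ROUTER)])
    print(ingress(ge2, PC1, ROUTER), ingress(ge2, PC2, ROUTER))
    ge3 = Port("GE3", [Ace(1, "deny", GUEST4, WEB)])
    print(ingress(ge3, "192.168.2.50", WEB), ingress(ge3, "192.168.2.50", "192.168.188.20"))
    ge4 = Port("GE4", [Ace(1, "shutdown", GUEST6, "any")])
    print(ingress(ge4, "2001:db8:2::10", "2001:db8:99::1"), ge4.up)
```

In this model a Shutdown match also cuts off the IPv4 traffic on the same port, which is worth weighing before binding such a profile to a port shared with other hosts.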

Published On: 2018-11-27
