Moxa PT-7528-16MSC-8TX-4GSFP-HV [99/116] Using access control list

PT-7528 Series Advanced Settings
Using Access Control List
NOTE
Access Control Lists are available in Moxa Layer 3 switches.
Access control lists (ACLs) increase the flexibility and security of network management.
An ACL provides traffic filtering for ingress or egress packets. The Moxa access control list helps manage filter
criteria for diverse protocols and allows users to configure customized filter criteria. For example, users can
deny access to specific source or destination IP/MAC addresses.
The Moxa access control list configuration interface is easy to use. Users can quickly establish filtering rules,
manage rule priorities, and view overall settings on the display page.
The ACL Concept
What is ACL?
An access control list is a basic traffic filter for ingress and egress packets. It can examine each Ethernet packet’s
information and take the necessary action. Moxa Layer 3 switches provide complete filtering capability. Access list
criteria can include the source or destination IP address of the packets, the source or destination MAC
address of the packets, IP protocols, or other information. The ACL checks these criteria to decide whether
to permit or deny access to a packet.
Benefits of ACL
ACL has per-interface, per-packet-direction, and per-protocol filtering capability. These features can provide
basic protection by filtering specific packets. The main benefits of ACL are as follows:
Manage authority of hosts: ACL can restrict specific devices through MAC address filtering. The user can
deny all packets or only permit packets that come from specific devices.
Subnet authority management: Configure filtering rules for specific subnet IP addresses. ACL can
restrict packets from or to specific subnets.
Network security: The demand for networking security is growing. ACL can provide basic protection which
works similarly to an Ethernet firewall device.
Control traffic flow by filtering specific protocols: ACL can filter specific IP protocols such as TCP or
UDP packets.
How ACL works
The ACL working structure is based on access lists. Each access list is a filter. When a packet enters or exits
a switch, ACL compares the packet to the rules in the access lists, starting from the first rule. If a packet
is rejected or accepted by the first rule, the switch will drop or pass this packet directly without checking the
rest of the lower-priority rules. In other words, each Access Control List has a “Priority Index” attribute that
defines its priority in the web configuration console.
There are two types of settings for an ACL: the list settings and the rule settings. To be created, an
Access Control List needs the following list settings: Name, Priority Index, Filter Type, and Ports to Apply. Once
created, each Access Control List has its own set of rule settings. The Priority Index represents the priority of the
names in the access list. Names at Priority Index 1 have first priority in packet filtering. The Priority Index can be
adjusted whenever users need to change the priority. In this function, there are two types of packet filtering
available:
IP Based
MAC Based
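
The first-match evaluation described under "How ACL works", as an added example that is not part of the Moxa manual or firmware: a simplified model in which lists are checked in Priority Index order and the first matching rule decides. The class names, sample addresses, and the "no-match" result are assumptions made for illustration; it shows how swapping two Priority Index values changes the verdict for the same packet.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    src: str = "any"            # CIDR for IP-based lists, MAC for MAC-based lists
    dst: str = "any"

@dataclass
class AccessList:               # list settings named on the page
    name: str
    priority_index: int         # Priority Index 1 is checked first
    filter_type: str            # "ip" or "mac"
    ports: set                  # Ports to Apply
    rules: list = field(default_factory=list)

def _match(filter_type, pattern, value):
    if pattern == "any":
        return True
    if filter_type == "ip":
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern)
    return pattern.lower() == value.lower()

def evaluate(access_lists, packet, port):
    """Return (action, list name, rule number) of the first matching rule."""
    for acl in sorted(access_lists, key=lambda a: a.priority_index):
        if port not in acl.ports:
            continue
        src, dst = packet[acl.filter_type]
        for number, rule in enumerate(acl.rules, start=1):
            if _match(acl.filter_type, rule.src, src) and _match(acl.filter_type, rule.dst, dst):
                return rule.action, acl.name, number   # lower-priority rules are never checked
    return "no-match", None, None   # assumption: default handling is not modelled here

# Constructed sample packet: (source, destination) per filter type
PACKET = {"ip": ("192.168.10.25", "10.0.0.5"),
          "mac": ("00:90:E8:00:00:01", "00:90:E8:00:00:02")}

def sample_lists(subnet_priority, host_priority):
    """Two constructed IP-based lists whose Priority Index values can be swapped."""
    return [
        AccessList("permit-subnet", subnet_priority, "ip", {1, 2},
                   [Rule("permit", src="192.168.10.0/24")]),
        AccessList("deny-host", host_priority, "ip", {1},
                   [Rule("deny", src="192.168.10.25/32", dst="10.0.0.0/8")]),
    ]

if __name__ == "__main__":
    print(evaluate(sample_lists(1, 2), PACKET, port=1))  # broad permit shadows the deny
    print(evaluate(sample_lists(2, 1), PACKET, port=1))  # specific deny is reached first
```

When reviewing a rule set, a broad permit placed at a higher priority than a narrower deny is the ordering mistake to look for, since the deny is then never evaluated.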
