MAC ACL: MAC ACLs are used to filter traffic on a specific source MAC address or range of MAC addresses.
MAC ACE: When a frame is received on a port, the switch processes the frame through the first ACL. If the frame matches an ACE filter of the first ACL, the ACE action takes place. If the frame matches none of the ACE filters, the next ACL is processed.
IPv4 ACL: An ACL contains the hosts that are permitted or denied access to the network device. The IPv4-based ACL is a list of source IPv4 addresses that use Layer 3 information to permit or deny access to traffic. IPv4 ACLs restrict IP-related traffic based on the configured IP filters.
IPv4 ACE: An Access Control List (ACL) is a list of one or more Access Control Entries (ACEs), where each ACE consists of matching criteria and an action on IPv4 packets (permit or deny). Each ACE has a sequence number that defines its order and a list of match criteria.
IPv6 ACL: IPv6 ACLs support the same options as IPv4 ACLs, including source and destination IP and source and destination ports. You can enable only IPv4 traffic in your network by blocking IPv6 traffic.
IPv6 ACE: An Access Control List (ACL) is a list of one or more Access Control Entries (ACEs), where each ACE consists of matching criteria and an action on IPv6 packets (permit or deny). Each ACE has a sequence number that defines its order and a list of match criteria.
ACL Binding:
This page shows the configuration of MAC, IPv4 and IPv6 Access Lists. An Access Control List (ACL) is an ordered list of classification filters and actions. Each single classification rule, together with its action, is called an Access Control Element (ACE). Each ACE is made up of filters that distinguish traffic groups and associated actions.
A single ACL may contain one or more ACEs, which are matched against the contents of incoming frames. Either a DENY or PERMIT action is applied to frames whose contents match the filter.
13.1 MAC ACL
MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match. This page allows the user to add or delete an ACL rule. A rule cannot be deleted while it is bound to an interface.
To view and configure MAC ACL, click ACL >> MAC ACL.
Fig 13.1.1 Default MAC ACL Table page
Fig 13.1.2 MAC ACL Table after creating COMMANDO page
13.2 MAC ACE
This page allows the user to add, edit or delete an ACE rule. An ACE rule cannot be edited or deleted while its ACL is bound to an interface, and a new ACE cannot be added to a bound ACL.
To view and configure MAC ACE, click ACL >> MAC ACE.
Fig 13.2.1 Default MAC ACE page
Fig 13.2.2 Add MAC ACE page
Fig 13.2.3 MAC ACE Table page
13.3 IPv4 ACL
IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs, are not checked. This page allows the user to add or delete an IPv4 ACL rule. A rule cannot be deleted while it is bound to an interface.
To view and configure IPv4 ACL, click ACL >> IPv4 ACL.
Fig 13.3.1 Default ACL Table page
Fig 13.3.2 Edit IPv4 ACL Name page
Fig 13.3.3 IPv4 ACL Table after creating COMMANDO1 ACL page
13.4 IPv4 ACE
This page allows the user to add, edit or delete an ACE rule. An ACE rule cannot be edited or deleted while its ACL is bound to an interface, and a new ACE cannot be added to a bound ACL.
To display the IPv4 ACE page, click ACL >> IPv4 ACE.
Fig 13.4.1 Default IPv4 ACE Table page
Fig 13.4.2 Add IPv4 ACE page
Fig 13.4.3 IPv4 ACE Table page
13.5 IPv6 ACL
The IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets. This page allows the user to add or delete an IPv6 ACL rule. A rule cannot be deleted while it is bound to an interface.
To view and configure the IPv6 ACL page, click ACL >> IPv6 ACL.
Fig 13.5.1 Default IPv6 ACL Table page
Fig 13.5.2 IPv6 ACL Table after changing page
13.6 IPv6 ACE
This page allows the user to add, edit or delete an ACE rule. An ACE rule cannot be edited or deleted while its ACL is bound to an interface, and a new ACE cannot be added to a bound ACL.
To view and configure the IPv6 ACE page, click ACL >> IPv6 ACE.
Fig 13.6.1 Default IPv6 ACE Table page
Fig 13.6.2 Add IPv6 ACE page
Fig 13.6.3 IPv6 ACE table after adding ACE page
13.7 ACL Binding
When an ACL is bound to an interface (port, LAG or VLAN), its ACE rules are applied to packets arriving at that interface. Packets that do not match any of the ACEs in the ACL are matched to a default rule, whose action is to drop unmatched packets.
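Added example (not part of the COMMANDO manual): a small Python model of how a bound IPv4 ACL decides a packet's fate, including the default drop rule described above and a check for ACEs that can never match because an earlier ACE already covers them. It assumes ACEs are evaluated in ascending sequence order with the first match winning; the Ace class, the function names and the sample rules are constructed for illustration.

```python
"""Model of ACE evaluation for an IPv4 ACL bound to an interface (added example).
Assumption: ACEs are checked in ascending sequence order and the first match wins."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                      # "permit" or "deny"
    src: str                         # source prefix
    dst: str                         # destination prefix
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.dst_port in (None, dst_port))

def evaluate(acl, src_ip, dst_ip, dst_port) -> Tuple[str, Optional[int]]:
    """Return (action, matching seq); seq is None when the default rule dropped it."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace.matches(src_ip, dst_ip, dst_port):
            return ace.action, ace.seq
    return "deny", None              # default rule: unmatched packets are dropped

def shadowed(acl) -> List[int]:
    """Sequence numbers of ACEs fully covered by an earlier ACE (never reached)."""
    ordered = sorted(acl, key=lambda a: a.seq)
    hidden = []
    for i, ace in enumerate(ordered):
        for prev in ordered[:i]:
            if (ip_network(ace.src).subnet_of(ip_network(prev.src))
                    and ip_network(ace.dst).subnet_of(ip_network(prev.dst))
                    and prev.dst_port in (None, ace.dst_port)):
                hidden.append(ace.seq)
                break
    return hidden

# Constructed sample ACL (documentation address ranges, not from the manual).
SAMPLE_ACL = [
    Ace(10, "permit", "192.0.2.0/24", "198.51.100.10/32", 22),
    Ace(20, "deny", "192.0.2.0/24", "198.51.100.0/24"),
    Ace(30, "permit", "192.0.2.50/32", "198.51.100.20/32", 443),  # hidden by 20
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "203.0.113.7", "198.51.100.10", 22))
    print(shadowed(SAMPLE_ACL))
```

Because of the default drop rule, an ACL that contains only deny ACEs blocks all traffic on the interface it is bound to; a final permit ACE is needed if other traffic should pass.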
Although each interface can be bound to only one ACL, multiple interfaces can be bound to the same ACL by grouping them into a policy-map and binding that policy-map to the interface.
After an ACL is bound to an interface, it cannot be edited, modified, or deleted until it is removed from all the ports to which it is bound or on which it is in use. This page allows the user to bind an ACL to an interface or unbind it. An IPv4 ACL and an IPv6 ACL cannot be bound to the same port simultaneously.
To view and configure the ACL Binding page, click ACL >> ACL Binding.
Fig 13.7.1 ACL Binding Table page
Fig 13.7.2 Selecting port for ACL Binding page
Fig 13.7.3 Add ACL Binding page
Fig 13.7.4 ACL Binding Table after Enabling GE1 port page