User's Manual
Table Of Contents
- 1. INTRODUCTION
- 2. INSTALLATION
- 3. SWITCH MANAGEMENT
- 4. WEB CONFIGURATION
- 4.1 Main Web Page
- 4.2 System
- 4.3 Port Management
- 4.4 Link Aggregation
- 4.5 VLAN
- 4.5.1 VLAN Overview
- 4.5.2 IEEE 802.1Q VLAN
- 4.5.3 Management VLAN
- 4.5.4 Create VLAN
- 4.5.5 Interface Settings
- 4.5.6 Port to VLAN
- 4.5.7 Port VLAN Membership
- 4.5.8 Protocol VLAN Group Setting
- 4.5.9 Protocol VLAN Port Setting
- 4.5.10 GVRP Setting
- 4.5.11 GVRP Port Setting
- 4.5.12 GVRP VLAN
- 4.5.13 GVRP Statistics
- 4.5.14 VLAN setting example:
- 4.6 Spanning Tree Protocol
- 4.7 Multicast
- 4.8 Quality of Service
- 4.9 Security
- 4.10 ACL
- 4.11 MAC Address Table
- 4.12 LLDP
- 4.13 Diagnostics
- 4.14 Power over Ethernet (GS-4210-16P2S and GS-4210-24P2S only)
- 4.15 RMON
- 4.16 Maintenance
- 5. COMMAND LINE INTERFACE
- 6. Command Line Mode
- 6.1 User Mode Commands
- 6.2 Privileged Mode Commands
- 6.2.1 clear command
- 6.2.2 clock command
- 6.2.3 configure command
- 6.2.4 copy command
- 6.2.5 debug command
- 6.2.6 delete command
- 6.2.7 disable command
- 6.2.8 end command
- 6.2.9 exit command
- 6.2.10 no command
- 6.2.11 ping command
- 6.2.12 reboot command
- 6.2.13 renew command
- 6.2.14 restore-defaults command
- 6.2.15 save command
- 6.2.16 show command
- 6.2.17 ssl command
- 6.2.18 traceroute command
- 6.2.19 udld command
- 6.3 Global Config Mode Commands
- 6.3.1 aaa Command
- 6.3.2 boot Command
- 6.3.3 bridge Command
- 6.3.4 class-map Command
- 6.3.5 clock Command
- 6.3.6 dos Command
- 6.3.7 dot1x Command
- 6.3.8 do Command
- 6.3.9 enable Command
- 6.3.10 end Command
- 6.3.11 errdisable Command
- 6.3.12 exit Command
- 6.3.13 gvrp Command
- 6.3.14 hostname Command
- 6.3.15 interface Command
- 6.3.16 ip Command
- 6.3.17 ipv6 Command
- 6.3.18 jumbo-frame Command
- 6.3.19 l2 Command
- 6.3.20 lacp Command
- 6.3.21 lag Command
- 6.3.22 line Command
- 6.3.23 lldp Command
- 6.3.24 logging Command
- 6.3.25 mac Command
- 6.3.26 management-vlan Command
- 6.3.27 mirror Command
- 6.3.28 no Command
- 6.3.29 policy-map Command
- 6.3.30 port-security Command
- 6.3.31 qos Command
- 6.3.32 radius Command
- 6.3.33 rate-limit Command
- 6.3.34 rmon Command
- 6.3.35 Snmp Command
- 6.3.36 sntp Command
- 6.3.37 spanning-tree Command
- 6.3.38 storm-control Command
- 6.3.39 system Command
- 6.3.40 tacacs Command
- 6.3.41 udld Command
- 6.3.42 username Command
- 6.3.43 vlan Command
- 6.3.44 voice-vlan Command
- 7. SWITCH OPERATION
- 8. POWER OVER ETHERNET OVERVIEW
- 9. TROUBLESHOOTING
- APPENDIX A
User’s Manual of GS-4210-16T2S_24T2S_16P2S_24P2S_48T4S
307
4.10 ACL
ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that specify individual
users or groups permitted or denied to specific traffic objects, such as a process or a program. Each accessible traffic object
contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situation. In networking,
the ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or
servers permitted or denied to use the service. ACL can generally be configured to control inbound traffic, and in this context,
they are similar to firewalls.
ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID.
There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also
contains many detailed, different parameter options that are available for individual application.
The ACL page contains links to the following main topics:
MAC-Based ACL Configuration MAC-based ACL setting
MAC-Based ACE Add/Edit/Delete the MAC-based ACE (Access Control Entry) setting
IPv4-Based ACL Configuration IPv4-based ACL setting
IPv4-Based ACE Add/Edit/Delete the IPv4-based ACE (Access Control Entry) setting
IPv6-Based ACL Configuration IPv6-based ACL setting
IPv6-Based ACE Add/Edit/Delete the IPv6-based ACE (Access Control Entry) setting
ACL Binding Configure the ACL parameters (ACE) of each switch port.
4.10.1 MAC-Based ACL
This page shows the ACL status by different ACL users. Each row describes the ACE that is defined. It is a conflict if a specific
ACE is not applied to the hardware due to hardware limitations. MAC-Based ACL screens in Figure 4-10-1 and Figure 4-10-2
appear.
Figure 4-10-1: MAC-Based ACL Page Screenshot
The page includes the following fields:
Object Description
• ACL Name
Create a named MAC-based ACL list.