DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
1 Access Control List Configuration
1.1 Overview
As part of our security solution, ACL is used to provide a powerful data flow filtering
function. At present, our product supports the following access lists:
IP access control list (Standard/Extended)
MAC extended access control list
Expert extended access control list
IPv6 extended access control list
Depending on network conditions, you can choose different access control lists
to control data flows.
1.1.1 Access Control List Introduction
ACL is the shortened form of Access Control List, or Access List. Some documentation
also calls it a firewall or packet filtering. An ACL controls the messages
on a device interface by defining rules whose action is Permit or Deny. According to
their use, ACLs can be divided into security ACLs and QoS ACLs.
By filtering data streams, you can restrict the types of communication data in the
network, the users of the network, and the devices they can use. When data
streams pass through the switch, ACLs classify and filter them: they check the data
streams input from the specified interface and determine whether to permit or deny
them according to the matching conditions.
To sum up, the security ACL controls which data flows are allowed to pass
through the network device. The QoS policy performs priority classification and
processing for the data flows.
ACLs consist of a series of entries, known as Access Control Entries (ACEs). Each entry
specifies its matching condition and behavior.
Access list rules can be about the source addresses, destination addresses, upper
layer protocols, time-ranges or other information of data flows.
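The following Python model is an added example, not code from the guide or the device: it evaluates a packet against a list of ACEs that match on source, destination, upper-layer protocol and time-range, and flags ACEs that an earlier entry makes unreachable. It assumes first-match evaluation in list order and a deny when no ACE matches; the class, function names and sample addresses are hypothetical.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class ACE:
    action: str                                # behavior: "permit" or "deny"
    src: str                                   # source network (CIDR)
    dst: str                                   # destination network (CIDR)
    proto: Optional[str] = None                # upper-layer protocol; None = any
    hours: Optional[Tuple[time, time]] = None  # time-range; None = always active

    def matches(self, pkt, now):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and (self.hours is None or self.hours[0] <= now < self.hours[1]))

def evaluate(acl, pkt, now):
    """Return (action, index of the deciding ACE, or None if no ACE matched)."""
    for i, ace in enumerate(acl):      # assumption: first matching ACE decides
        if ace.matches(pkt, now):
            return ace.action, i
    return "deny", None                # assumption: unmatched traffic is denied

def shadowed(acl):
    """Indexes of ACEs fully covered by an earlier, always-active ACE."""
    out = []
    for i, ace in enumerate(acl):
        for prev in acl[:i]:
            if (prev.hours is None and prev.proto in (None, ace.proto)
                    and ip_network(ace.src).subnet_of(ip_network(prev.src))
                    and ip_network(ace.dst).subnet_of(ip_network(prev.dst))):
                out.append(i)
                break
    return out

# Constructed sample ACL using documentation address ranges (not from the guide).
ACL = [
    ACE("deny", "192.0.2.0/24", "198.51.100.10/32", "tcp", (time(18, 0), time(23, 0))),
    ACE("permit", "192.0.2.0/24", "198.51.100.0/24", "tcp"),
    ACE("deny", "192.0.2.64/26", "198.51.100.10/32", "tcp"),  # never reached
]
```

Running shadowed() over an ACL before applying it is a quick audit for deny entries that were added below a broader permit and therefore never take effect.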