
Datto Switches: Access Control Lists


Topic

This article describes Access Control Lists (ACLs) and how to implement both MAC and IPv4 based ACLs on Datto Switches.

Environment

Datto Switches

Overview

Access Control Lists (ACLs) let you define rules that tell a switch whether to allow or drop a given packet based on its MAC address or IP address.

Datto switches allow for multiple ACLs, with multiple rules (Access Control List Entries) within each ACL. Each ACL is identified by its name, and all the individual entries within the same ACL use the same ACL name. Up to 3000 total ACL entries are supported, with up to 256 entries per ACL.

Procedure

1. Navigate to a device web session for your switch.

2. Click on Switch Settings, as seen in Figure 1.

Figure 1: Switch Settings

3. Click the Enable checkbox in the Access Control List row, as seen in Figure 2.

Figure 2: Enabling ACL

4. Follow the respective settings for both MAC based and IPv4 based ACLs.

MAC Based ACLs

The following steps will guide you on creating a MAC ACL entry:

1. Click Add New above the MAC Based table, as seen in Figure 3.

Figure 3: The Add New MAC Based ACL button

2. Complete the following fields as seen in Figure 4.

Figure 4: Create MAC ACL Entry

A. New ACL name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an additional entry to that ACL, or create a new ACL altogether. An ACL cannot be renamed once created; to change the name, the ACL must be deleted and recreated.
B. Sequence: Enter the sequence number of the ACL entry. Multiple entries in an ACL will be processed in order based on this number. The sequence number cannot be modified once created; to change it, the ACL must be deleted and recreated.
C. Action: Specify whether packets associated with the MAC addresses defined in this ACL will be permitted or denied.
D. Source MAC: Specify the source MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.
E. Destination MAC: Specify the destination MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.

3. Click Create.

IPv4 Based ACLs

The following steps will guide you on creating an IPv4 ACL entry:

1. Click Add New above the IPv4 Based table, as seen in Figure 5.

Figure 5: The Add New IPv4 Based ACL button

2. Complete the following fields as seen in Figure 6.

Figure 6: Create IPv4 ACL Entry

A. New ACL name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an additional entry to that ACL, or create a new ACL altogether. An ACL cannot be renamed once created; to change the name, the ACL must be deleted and recreated.
B. Sequence: Enter the sequence number of the ACL entry. Multiple entries in an ACL will be processed in order based on this number. The sequence number cannot be modified once created; to change it, the ACL must be deleted and recreated.
C. Protocol: Specify if TCP, UDP, or all packets associated with the IP addresses defined in this ACL will be permitted or denied.
D. Action: Specify if packets associated with the IP addresses defined in this ACL will be permitted or denied.
E. Source IP: Specify the source IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.
F. Destination IP: Specify the destination IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.

3. Click Create.
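
Because sequence numbers cannot be edited after creation, it helps to check a planned set of entries before entering them. The following is an added example, not Datto code: it checks planned IPv4 entries against the 256-per-ACL and 3000-total limits above and flags entries that an earlier, broader entry makes unreachable. It assumes the first matching entry decides the packet and that '*' replaces a whole dotted octet; neither is stated in this article, and the field names and sample entries are constructed.

```python
# Added example: lint planned IPv4 ACL entries before typing them into the switch UI.
# The 256/3000 limits are from the article. ASSUMPTIONS: the first matching entry
# decides a packet's fate, and '*' stands for one whole dotted octet.
from collections import defaultdict

MAX_PER_ACL, MAX_TOTAL = 256, 3000

def norm(pattern):
    """'Any' or blank applies to all addresses, so treat it as all-wildcard."""
    p = pattern.strip().lower()
    return ["*"] * 4 if p in ("", "any") else p.split(".")

def covers(broad, narrow):
    """True if `broad` matches every address that `narrow` matches."""
    return all(b == "*" or b == n for b, n in zip(norm(broad), norm(narrow)))

def lint(entries):
    """entries: dicts with acl, seq, proto, action, src, dst. Returns findings."""
    findings, by_acl = [], defaultdict(list)
    if len(entries) > MAX_TOTAL:
        findings.append(f"{len(entries)} entries exceed the switch total of {MAX_TOTAL}")
    for e in entries:
        by_acl[e["acl"]].append(e)
    for name, rules in by_acl.items():
        if len(rules) > MAX_PER_ACL:
            findings.append(f"{name}: {len(rules)} entries exceed {MAX_PER_ACL} per ACL")
        rules.sort(key=lambda e: e["seq"])  # processed in sequence order
        for i, later in enumerate(rules):
            for earlier in rules[:i]:
                if (earlier["proto"].lower() in ("all", later["proto"].lower())
                        and covers(earlier["src"], later["src"])
                        and covers(earlier["dst"], later["dst"])):
                    findings.append(f"{name}: seq {later['seq']} ({later['action']}) is "
                                    f"shadowed by seq {earlier['seq']} ({earlier['action']})")
                    break
    return findings

PLAN = [  # constructed sample entries, not taken from the article
    {"acl": "servers", "seq": 10, "proto": "All", "action": "permit",
     "src": "10.0.*.*", "dst": "Any"},
    {"acl": "servers", "seq": 20, "proto": "TCP", "action": "deny",
     "src": "10.0.5.7", "dst": "192.168.1.10"},
    {"acl": "servers", "seq": 30, "proto": "UDP", "action": "deny",
     "src": "Any", "dst": "192.168.1.10"},
]

if __name__ == "__main__":
    for finding in lint(PLAN):
        print(finding)
```

In the sample plan the deny at sequence 20 is flagged because the permit at sequence 10 already matches the same traffic; giving the deny a lower sequence number clears the finding.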

