Legacy Open Mesh: Switches: Access Control Lists


Topic

This article describes implementing both MAC and IPv4 based access control lists (ACLs) on Open Mesh Switches.

Environment

  • Open Mesh Switches

Description

Access Control Lists (ACLs) let you set rules that tell a switch how to decide whether to allow or drop a given packet based on its MAC address or IP address.

Open Mesh switches allow for multiple ACLs, with multiple rules (access control list entries) within each ACL.

  • Each ACL is identified by its name.
  • All entries within the same ACL use the same ACL name.
  • Up to 3000 total ACL entries are supported, with up to 256 entries per ACL.

Procedure

1. Navigate to Manage > Switches and select a switch.

2. Click on Switch Settings.

Figure 1: Switch Settings

3. Click the Enable checkbox in the Access Control List row.

Figure 2: Enabling ACL

Creating MAC-based ACLs

1. Click the Add New button above the MAC Based table.

Figure 3: The Add New MAC Based ACL button

2. Complete the following fields:

A. New ACL name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an additional entry to that ACL or create a new ACL altogether. ACL names cannot be renamed once created; the ACL must be deleted and recreated. 
B. Sequence: Enter the sequence number of the ACL entry. Multiple entries in an ACL will be processed in order based on this number. The sequence number cannot be modified once created; the ACL must be deleted and recreated. 
C. Action: Specify whether packets associated with MAC addresses defined in this ACL will be permitted or denied. 
D. Source MAC: Specify the source MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.
E. Destination MAC: Specify the destination MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.

Figure 4: Create MAC ACL Entry

3. Click the Create button.

Creating IPv4-Based ACLs

1. Click the Add New button.

Figure 5: The Add New IPv4 Based ACL button

2. Complete the following fields:

A. New ACL name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an additional entry to that ACL or create a new ACL altogether. ACL names cannot be renamed once created; the ACL must be deleted and recreated. 
B. Sequence: Enter the sequence number of the ACL entry. Multiple entries in an ACL will be processed in order based on this number. The sequence number cannot be modified once created; the ACL must be deleted and recreated. 
C. Protocol: Specify whether this ACL entry applies to TCP, UDP, or all packets associated with the defined IP addresses.
D. Action: Specify if this ACL will permit or deny packets associated with the IP addresses defined in this ACL. 
E. Source IP: Specify the source IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.
F. Destination IP: Specify the destination IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.

Figure 6: Create IPv4 ACL Entry

3. Click the Create button.
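
Because entries are processed in sequence order and a sequence number cannot be changed after creation, it helps to check a planned ACL before entering it. The following Python sketch is an added example, not Open Mesh or Datto code: it checks the entry limits stated above and flags entries that an earlier, broader entry would make unreachable. It assumes first-match evaluation and glob-style '*' matching, neither of which this article specifies; the dictionary field names and the sample plan are constructed for illustration.

```python
from fnmatch import fnmatchcase

MAX_PER_ACL, MAX_TOTAL = 256, 3000  # limits stated in the article

def covers(broad, narrow):
    """True if `broad` matches everything `narrow` matches (assumed glob '*')."""
    broad, narrow = broad.strip().lower(), narrow.strip().lower()
    if broad in ("any", "", "*"):      # "Any" or blank applies to all addresses
        return True
    if narrow in ("any", ""):
        return False
    return fnmatchcase(narrow, broad)

def shadows(earlier, later):
    """Assumed first-match evaluation: `later` can never be reached."""
    return (covers(earlier["src"], later["src"])
            and covers(earlier["dst"], later["dst"])
            and earlier.get("proto", "all") in ("all", later.get("proto", "all")))

def lint(entries):
    """Return a list of problems found in a planned set of ACL entries."""
    problems, by_acl = [], {}
    if len(entries) > MAX_TOTAL:
        problems.append(f"{len(entries)} entries exceed switch total {MAX_TOTAL}")
    for e in entries:
        by_acl.setdefault(e["acl"], []).append(e)
    for name, rules in by_acl.items():
        if len(rules) > MAX_PER_ACL:
            problems.append(f"{name}: {len(rules)} entries exceed {MAX_PER_ACL} per ACL")
        rules.sort(key=lambda e: e["seq"])
        for i, later in enumerate(rules):
            for earlier in rules[:i]:
                if earlier["seq"] == later["seq"]:
                    problems.append(f"{name}: duplicate sequence {later['seq']}")
                    break
                if shadows(earlier, later):
                    problems.append(f"{name}: seq {later['seq']} ({later['action']}) "
                                    f"is shadowed by seq {earlier['seq']} ({earlier['action']})")
                    break
    return problems

PLAN = [  # constructed sample plan (MAC based), not taken from the article
    {"acl": "lab", "seq": 10, "action": "deny", "src": "00:11:22:*", "dst": "Any"},
    {"acl": "lab", "seq": 20, "action": "permit", "src": "00:11:22:33:44:55", "dst": "Any"},
    {"acl": "lab", "seq": 30, "action": "permit", "src": "Any", "dst": "Any"},
]

if __name__ == "__main__":
    print("\n".join(lint(PLAN)))
```

For IPv4 entries, add a "proto" key ("tcp", "udp" or "all") to each dictionary; swapping the first two sample entries' sequence numbers clears the reported problem.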

