Datto Network Manager: Switches: Access control lists


Topic

This article describes how to implement MAC-based and IPv4-based access control lists (ACLs) on Datto switches.

Environment

  • Datto Network Manager

Description

Access Control Lists (ACLs) let you set rules that tell a switch when to allow or drop a given packet based on its MAC address or IP address.

  • Datto switches allow for multiple ACLs, with various rules (Access Control List Entries) within each ACL.
  • The ACL name identifies each ACL. All the individual entries within the same ACL use the same ACL name.
  • Up to 3000 total ACL entries are supported, with up to 256 entries per ACL.

Navigating to ACL options

1. In Datto Network Manager's Navigation menu, click Switches, then click Switch Settings from the expanded options.

Figure 1: The Navigation menu

2. On the Switch Settings page, click Access Control List (ACL) to expand ACL options.

Figure 2: The Switch Settings page

Creating MAC-based ACLs

1. In the MAC Based section of the Access Control List (ACL) card, click the ADD NEW button. 

Figure 3: MAC Based ACLs

2. An ACL creation dialog box will appear. Enter the following information:

  • New ACL Name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an entry to that ACL or create a new one. You cannot rename an ACL once you create it. 
  • Sequence: The switch processes the entries in an ACL in order based on this number. The sequence number cannot be modified once created; to change it, the ACL must be deleted and recreated.
  • Action: Specify whether to permit or deny packets associated with the MAC addresses defined in this ACL.
  • Source MAC: Specify the source MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the * symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.
  • Destination MAC: Specify the destination MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the * symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.

When finished, click the Create button.

Figure 4: The Create MAC ACL Entry dialog box

Creating IPv4-based ACLs

1. In the IPv4 Based section of the Access Control List (ACL) card, click the ADD NEW button. 

Figure 5: IPv4 Based ACLs

2. An ACL creation dialog box will appear. Enter the following information:

  • New ACL Name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an entry to that ACL or create a new one. You cannot rename an ACL once you create it. 
  • Sequence: The switch processes the entries in an ACL in order based on this number. The sequence number cannot be modified once created; to change it, the ACL must be deleted and recreated.
  • Protocol: Specify whether to act on TCP, UDP, or all packets associated with the IP addresses defined in this ACL.
  • Action: Specify whether to permit or deny packets associated with the IP addresses defined in this ACL.
  • Source IP: Specify the source IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the * symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.
  • Destination IP: Specify the destination IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the * symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.

When finished, click the Create button.
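
Because a sequence number cannot be changed after an entry is created, it helps to check a planned rule set offline before entering it. The following Python model is an added example, not Datto code: it dry-runs a planned IPv4 ACL and flags entries that can never match. It assumes entries are tried from the lowest sequence number up, that the first match decides, and that * acts as a glob wildcard; the entry field names and sample addresses are constructed.

```python
from fnmatch import fnmatchcase

MAX_ENTRIES_PER_ACL = 256  # per-ACL limit stated in this article

def is_any(pattern):
    # Blank or "Any" applies to all addresses (per the article);
    # a lone "*" is treated the same way (assumption).
    return (pattern or "").strip().lower() in ("", "any", "*")

def field_matches(pattern, value):
    # Assumption: "*" behaves like a glob wildcard inside an address.
    return is_any(pattern) or fnmatchcase(value.lower(), pattern.strip().lower())

def evaluate(entries, packet):
    """Return (sequence, action) of the first matching entry, else None.
    Assumption: lowest sequence first, first match wins."""
    for e in sorted(entries, key=lambda e: e["seq"]):
        proto_ok = e["protocol"].lower() in ("all", packet["protocol"].lower())
        if proto_ok and field_matches(e["src"], packet["src"]) \
                and field_matches(e["dst"], packet["dst"]):
            return e["seq"], e["action"]
    return None  # no entry matched; the article does not say what the switch does then

def validate(entries):
    """List problems worth catching before typing the entries into the dialog."""
    problems = []
    if len(entries) > MAX_ENTRIES_PER_ACL:
        problems.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES_PER_ACL}")
    seqs = [e["seq"] for e in entries]
    for s in sorted({s for s in seqs if seqs.count(s) > 1}):
        problems.append(f"sequence {s} is used more than once")
    ordered = sorted(entries, key=lambda e: e["seq"])
    for i, e in enumerate(ordered):
        # An entry that matches every packet hides everything after it.
        if e["protocol"].lower() == "all" and is_any(e["src"]) and is_any(e["dst"]):
            problems += [f"sequence {later['seq']} is unreachable behind sequence {e['seq']}"
                         for later in ordered[i + 1:]]
            break
    return problems

# Constructed sample plan for one IPv4 ACL (documentation address ranges).
PLAN = [
    {"seq": 10, "action": "permit", "protocol": "TCP", "src": "192.0.2.10", "dst": "198.51.100.*"},
    {"seq": 20, "action": "deny", "protocol": "All", "src": "192.0.2.*", "dst": "Any"},
    {"seq": 30, "action": "permit", "protocol": "All", "src": "", "dst": ""},
    {"seq": 40, "action": "deny", "protocol": "UDP", "src": "203.0.113.5", "dst": "Any"},
]

if __name__ == "__main__":
    print(validate(PLAN))
    print(evaluate(PLAN, {"protocol": "UDP", "src": "203.0.113.5", "dst": "192.0.2.1"}))
```

In the sample plan, the deny at sequence 40 never takes effect because the permit at sequence 30 matches every packet first; correcting that on the switch means deleting and recreating the ACL.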

Applying ACL settings

After creating an ACL, you must apply it to the appropriate port on the switch.

1. In the Navigation menu, click Port Settings under expanded switch options.

Figure 6: Port Settings in the Navigation menu

2. Click the port to which you wish to apply the ACL, then click Security in port settings and choose your ACL from the drop-down menu. When finished, click Save Changes.

Figure 7: The Port Settings page

