Legacy Open Mesh: Switches: Access Control Lists

Topic

This article describes implementing both MAC and IPv4 based access control lists (ACLs) on Open Mesh Switches.

Environment

  • Open Mesh Switches

Description

Access Control Lists (ACLs) let you set rules that tell a switch how to decide whether to allow or drop a given packet based on its MAC address or IP address.

Open Mesh switches allow for multiple ACLs, with multiple rules (access control list entries) within each ACL.

  • Each ACL is identified by its name.
  • All entries within the same ACL use the same ACL name.
  • Up to 3000 total ACL entries are supported, with up to 256 entries per ACL.

Procedure

1. Navigate to Manage ? Switches and select a switch.

2. Click on Switch Settings.

mceclip0.pngFigure 1: Switch Settings

3. Click the Enable checkbox in the Access Control List row.

mceclip1.png
Figure 2:
Enabling ACL

Creating MAC-based ACLs

1. Click the Add New button above the MAC Based table.

mceclip2.png
Figure 3:
The Add New MAC Based ACL button

2. Complete the following fields:

A. New ACL name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an additional entry to that ACL or create a new ACL altogether. ACL names cannot be renamed once created; the ACL must be deleted and recreated.
B. Sequence: Enter the sequence number of the ACL entry. Multiple entries in an ACL will be processed in order based on this number. The sequence number cannot be modified once created; the ACL must be deleted and recreated.
C. Action: Specify whether packets associated with MAC addresses defined in this ACL will be permitted or denied.
D. Source MAC: Specify the source MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.
E. Destination MAC: Specify the destination MAC address of the incoming packet. Choose Custom to enter a specific MAC address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all MAC addresses.

mceclip3.pngFigure 4: Create MAC ACL Entry

3. Click the Create button.

Creating IPv4-Based ACLs

1. Click the Add New button.

mceclip4.png
Figure 5:
The Add New IPv4 Based ACL button

2. Complete the following fields:

A. New ACL name: Enter the name of your ACL. If an existing ACL is present on the switch, you can either add an additional entry to that ACL or create a new ACL altogether. ACL names cannot be renamed once created; the ACL must be deleted and recreated.
B. Sequence: Enter the sequence number of the ACL entry. Multiple entries in an ACL will be processed in order based on this number. The sequence number cannot be modified once created; the ACL must be deleted and recreated.
C. Protocol: Specify if this ACL will permit or deny TCP, UDP, or all packets associated with the defined IP addresses.
D. Action: Specify if this ACL will permit or deny packets associated with the IP addresses defined in this ACL.
E. Source IP: Specify the source IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.
F. Destination IP: Specify the destination IP address of the incoming packet. Choose Custom to enter a specific IP address. To specify a wildcard, use the '*' symbol. Enter Any in the text field or leave the field following Custom blank to apply to all IP addresses.

mceclip5.pngFigure 6: Create IPv4 ACL Entry

3. Click the Create button.

 

Need troubleshooting help? Open the Kaseya Helpdesk.
Want to talk about it? Head on over to the Community!
Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
Provide feedback for the Documentation team.

How would you rate this KB article?

Gold StarGreen LightYellow LightRed Light

^

Copyright © 2024 Kaseya Limited | Privacy Policy | Cookies Settings | Website Terms of Use