Configuration Guide Configuring ACL
11 Configuring ACL
11.1 Overview
An Access Control List (ACL) is also called an access list or a firewall, and some documents call it packet filtering. An ACL
defines rules that determine whether data packets arriving at a network interface are forwarded or dropped.
ACLs are classified by function into two types:
Security ACLs: Used to control data flows that are allowed to pass through a network device.
Quality of service (QoS) ACLs: Used to classify and process data flows by priority.
ACLs are configured for many reasons. The major ones include:
Network access control: To ensure network security, rules are defined to restrict users' access to certain services (for
example, only access to the WWW and email services is permitted, and access to other services such as Telnet is
prohibited), to allow users to access services only during a specified period of time, or to allow only specified hosts to
access the network.
QoS: QoS ACLs are used to classify important data flows and process them preferentially. For details about the use of QoS
ACLs, see the configuration manual related to QoS.
11.2 Applications
Access Control of an Enterprise Network
On an enterprise network, the network access rights of each department, for example, access rights to servers and
permission to use chatting tools (such as QQ and MSN), must be controlled according to requirements.
11.2.1 Access Control of an Enterprise Network
Scenario
Internet viruses are found everywhere, so the ports that viruses commonly use must be blocked to keep an enterprise
network secure. The requirements are as follows:
Allow only internal PCs to access the server.
Prohibit PCs of a non-financial department from accessing PCs of the financial department, and prohibit PCs of a
non-R&D department from accessing PCs of the R&D department.
Prohibit the staff of the R&D department from using chatting tools (such as QQ and MSN) during working hours from
09:00 to 18:00.
Figure 11-1
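The following is an added example, not code from this guide or from any vendor's device software. It models how a security ACL of the kind described in 11.1 is evaluated (ordered rules, first match wins, a packet matching no rule hits the implicit deny) and expresses the three requirements of the scenario above as such a rule list. The subnets, server address, department assignment and chat ports are constructed assumptions chosen for illustration only; they are not taken from the guide.

```python
"""Model of first-match security ACL evaluation for the enterprise scenario.

Assumptions (not from the guide): the internal network is 10.0.0.0/8, the
finance department is 10.1.0.0/16, the R&D department is 10.2.0.0/16, the
server is 10.0.0.10, and the chatting tools use UDP 8000 and TCP 1863.
"""
from dataclasses import dataclass
from datetime import time
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str                  # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str = "any"          # "any" matches every protocol
    dport: Optional[int] = None  # None matches every destination port
    window: Optional[Tuple[time, time]] = None  # active only in [start, end)

    def matches(self, pkt: Packet, now: time) -> bool:
        if self.window is not None:
            start, end = self.window
            if not (start <= now < end):
                return False    # outside the time range: rule is inactive
        if pkt.src not in self.src or pkt.dst not in self.dst:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, now: time):
    """Return (action, index of the matching rule). The first rule that matches
    decides; a packet that matches no rule is dropped by the implicit deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt, now):
            return rule.action, index
    return "deny", None


# Constructed topology (assumptions for this example).
INTERNAL = ip_network("10.0.0.0/8")
FINANCE = ip_network("10.1.0.0/16")
RND = ip_network("10.2.0.0/16")
SERVER = ip_network("10.0.0.10/32")
WORKING_HOURS = (time(9, 0), time(18, 0))
CHAT_PORTS = (("udp", 8000), ("tcp", 1863))  # assumed chat-tool ports


def build_policy() -> List[Rule]:
    """Ordered rule list implementing the three scenario requirements."""
    rules = [
        # 1. Only internal PCs may reach the server; everyone else is denied.
        Rule("permit", INTERNAL, SERVER),
        Rule("deny", ANY, SERVER),
    ]
    # 3. R&D may not use chatting tools during working hours (time-ranged rules).
    for proto, port in CHAT_PORTS:
        rules.append(Rule("deny", RND, ANY, proto, port, WORKING_HOURS))
    rules += [
        # 2. Department isolation: permit intra-department traffic first, then
        #    deny everything else destined to that department.
        Rule("permit", FINANCE, FINANCE),
        Rule("deny", ANY, FINANCE),
        Rule("permit", RND, RND),
        Rule("deny", ANY, RND),
        # Remaining traffic is allowed (without this line the implicit deny applies).
        Rule("permit", ANY, ANY),
    ]
    return rules


def check(src: str, dst: str, proto: str, dport: Optional[int] = None,
          now: time = time(12, 0)) -> str:
    """Convenience wrapper: decide a single flow against the scenario policy."""
    pkt = Packet(ip_address(src), ip_address(dst), proto, dport)
    action, _ = evaluate(build_policy(), pkt, now)
    return action


if __name__ == "__main__":
    for args in [("10.3.0.5", "10.0.0.10", "tcp", 80),
                 ("203.0.113.7", "10.0.0.10", "tcp", 80),
                 ("10.1.0.9", "10.2.0.9", "tcp", 445),
                 ("10.2.0.9", "203.0.113.50", "udp", 8000, time(10, 0)),
                 ("10.2.0.9", "203.0.113.50", "udp", 8000, time(20, 0))]:
        print(args, "->", check(*args))
```

Note the ordering: the intra-department permit must precede the deny for that department, and the time-ranged chat rules must precede the final permit, otherwise the broader rule matches first and the narrower one never takes effect. This is the same reason ACL entries on a device are evaluated in sequence.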