The previous sections covered the factors that affect services when a network is built. Users are legitimate, packets are legitimate, and the packet forwarding rate is normal. Everything seems harmonious. However, a network carries a huge amount of information, and not all of it should be accessible to everyone.

The Access Control List (ACL) of the switch can identify user information such as source MAC, destination MAC, source IP, destination IP, port number, VLAN ID and protocol type. All of this identification is performed in hardware. Simply put, identification is faster than packet transmission, so there is no need to worry about its effect on forwarding.

What is the function of an ACL?

For example, to allow only management to access Server A (a confidential server), use an ACL such as the following:

Permit IP (1) (IP address of Leader 1) to access IP (A) (IP address of Server A)

Permit IP (2) (IP address of Leader 2) to access IP (A) (IP address of Server A) ...

Deny all other users access to IP (A).
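The rule set above can be modelled in a few lines to show why rule order matters. This is an added example, not code from the article or any switch vendor; the IP addresses are constructed, and first-match-wins evaluation with a default permit for traffic that matches no rule is an assumption to verify against the switch's documentation.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not from the article.
LEADER_1 = "192.0.2.11"
LEADER_2 = "192.0.2.12"
SERVER_A = "198.51.100.10"
ANY = "0.0.0.0/0"

# The article's rule set, in order: (action, source, destination).
ACL = [
    ("permit", LEADER_1, SERVER_A),
    ("permit", LEADER_2, SERVER_A),
    ("deny", ANY, SERVER_A),
]


def evaluate(acl, src, dst, default="permit"):
    """Return the action of the first rule matching (src, dst).

    Assumes first-match-wins ordering and that traffic matching no rule
    gets `default`; check both against your switch's documentation.
    """
    for action, rule_src, rule_dst in acl:
        if (ip_address(src) in ip_network(rule_src)
                and ip_address(dst) in ip_network(rule_dst)):
            return action
    return default


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule
    already covers their whole source and destination range."""
    shadowed = []
    for i, (_, src, dst) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if (ip_network(src).subnet_of(ip_network(prev_src))
                    and ip_network(dst).subnet_of(ip_network(prev_dst))):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for src in (LEADER_1, LEADER_2, "192.0.2.50"):
        print(src, "->", SERVER_A, evaluate(ACL, src, SERVER_A))
    # Misordered ACL: the deny comes first and shadows both permits.
    print("shadowed:", shadowed_rules([ACL[2], ACL[0], ACL[1]]))
```

If the deny rule is placed first, both permit rules become unreachable and the leaders are locked out of Server A, which is what `shadowed_rules` reports.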


Together with rights control, users can enable the following functions at the access layer:

1. Find out who is using the network.

2. Fraudulent packets are not allowed to enter the network.

3. Violent attack packets are not allowed to enter the network.

4. Users cannot access forbidden areas.

The Four Compliance Rule hereby takes effect. The access switch screens the packets accessing the network and thus provides a secure environment for data forwarding and service operation.