Ruijie - Router RG-EG3230 - How to Configure an Access Control List (ACL)?

How to generate an Access Control List to block or allow traffic.

Written by Engineering
Updated over 8 months ago

ACL: Access Control List

It is a way to determine appropriate access permissions to a specific object, depending on certain aspects of the requesting process.

It manages access to restricted areas and prevents unauthorized or undesirable individuals from freely accessing the company. Additionally, with an access control system, one can keep track of staff attendance, entry and exit times, and maintain a historical record of people entering all areas (to identify those who might be responsible for an incident).

EXAMPLE: There are two network segments, and you want to block communication between them.

VLAN2: 192.168.2.0/24

VLAN3: 192.168.3.0/24

Click on the following link to view the configuration manual on how to create VLANs:

Configuration

1. Access the device.

  • IP: 192.168.1.1 on the management port (MGMT), or you can access it through any other IP configured on its ports.

  • Username: admin

  • Password: Configured the first time you access it.

Once inside the device interface, select the following section:

  • Security -> ACL -> Add ACL

Create an ACL with an ID of your choice. The allowed ID ranges are 100 to 109, 111 to 196, and 2000 to 2699.

Example:

We will add the ACL with ID 111.

2. In ACL 111, click "+Add ACE" and create a policy that denies communication from the 192.168.2.0/24 segment to the 192.168.3.0/24 segment.

3. Add another ACE that allows all other traffic. Without it, the segments would be left without internet or any other network connection.

It would look like the following:

4. Click on 'Interface Access Control' and add a new rule to apply the generated ACL.

This way, the configuration will be complete.
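To check the rule set before applying it, the following added example (not Ruijie code and not part of the original guide) models ACL 111 from steps 2 and 3 and evaluates constructed sample packets against it. It assumes the usual ACL behaviour of first matching ACE wins with an implicit deny at the end; the function names and sample addresses are hypothetical.

```python
import ipaddress

# ACEs of ACL 111 as described in steps 2 and 3: (action, source, destination).
# Assumption: ACEs are evaluated top-down, first match wins, and a packet
# that matches no ACE is dropped (implicit deny).
ACL_111 = [
    ("deny", "192.168.2.0/24", "192.168.3.0/24"),   # step 2: VLAN2 -> VLAN3
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),           # step 3: all other traffic
]

# Constructed sample packets (source, destination) for the dry run.
SAMPLES = [
    ("192.168.2.10", "192.168.3.20"),   # VLAN2 host to VLAN3 host
    ("192.168.3.20", "192.168.2.10"),   # reverse direction
    ("192.168.2.10", "203.0.113.5"),    # VLAN2 host to an outside address
]


def evaluate(acl, src, dst):
    """Return (action, ace_number); ace_number is None on implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, number
    return "deny", None


def report(acl):
    """Evaluate every sample packet and return rows of (src, dst, action, ace)."""
    return [(src, dst) + evaluate(acl, src, dst) for src, dst in SAMPLES]


if __name__ == "__main__":
    for title, acl in (
        ("ACL 111 as configured", ACL_111),
        ("Step 3 omitted (deny ACE only)", ACL_111[:1]),
        ("ACEs in reverse order", ACL_111[::-1]),
    ):
        print(title)
        for src, dst, action, ace in report(acl):
            matched = f"ACE {ace}" if ace else "implicit deny"
            print(f"  {src:>13} -> {dst:<13} {action:<6} ({matched})")
```

The reverse-direction packet (VLAN3 to VLAN2) matches the permit ACE, so whether a mirrored deny ACE is also needed depends on the interface and direction chosen in step 4.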
