ACL
Location in Dashboard: Switching >> Configure >> ACL
Layer 3 Traffic Filtering
Switch Access Control Lists (ACLs) on Meraki switches provide Layer 3 traffic filtering: administrators define allow and deny rules keyed on source and destination IP prefixes, protocol, ports, and VLAN membership, for both IPv4 and IPv6. Switch ACLs are the primary tool for network segmentation on the switch itself, for restricting inter-VLAN communication, and for enforcing traffic policy between network segments and external resources.
Diagram
Classes
Section titled “Classes”switch (meraki.domains.organizations.networks)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| access_control_lists_rules | List | [access_control_lists_rules] | No | |
access_control_lists_rules (meraki.domains.organizations.networks.switch)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| comment | String | min: 1, max: 127 | No | |
| policy | Choice | allow, deny | Yes | |
| ip_version | Choice | any, ipv4, ipv6 | No | |
| protocol | Choice | any, tcp, udp | Yes | |
| vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9]\|[1-9][0-9]\|[1-9][0-9]{2}\|…`] | | |
| source_cidr | String | Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$` | No | |
| source_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]{3}\|[1-5][0-9]{4}\|6[0-4][0-9]{3}\|…`] | | |
| destination_cidr | String | Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$` | No | |
| destination_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]{3}\|[1-5][0-9]{4}\|6[0-4][0-9]{3}\|…`] | | |
Examples
Example-1: This configuration defines access control list (ACL) rules for managing network traffic based on protocol, source, and destination criteria. The rules specify actions for IPv4 traffic and include details such as VLAN scope, allowed protocols, and destination filtering.
The first rule, labeled “tcp rules,” allows TCP traffic from any source IP and port to destination subnet 1.1.1.1/24 on port 443 and applies specifically to VLAN 100. The second rule, labeled “Test Any rule,” allows any IPv4 protocol from any source IP and port to the single host 2.1.1.1 on any destination port and applies to all VLANs.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              switch:
                access_control_lists_rules:
                  - comment: tcp rules
                    policy: allow
                    ip_version: ipv4
                    protocol: tcp
                    source_cidr: any
                    source_port: any
                    destination_cidr: 1.1.1.1/24
                    destination_port: "443"
                    vlan: 100
                  - comment: Test Any rule
                    policy: allow
                    ip_version: ipv4
                    protocol: any
                    source_cidr: any
                    source_port: any
                    destination_cidr: 2.1.1.1/32
                    destination_port: any
                    vlan: any
```
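The following validator is an added example, not code from this page or from the project it documents. It checks a list of `access_control_lists_rules` entries against the constraints in the class table above (choice fields, comment length, the page's CIDR regex, port and VLAN ranges) and then runs it over the two rules from Example-1 plus one deliberately invalid rule. Two things are assumptions of this example rather than statements of the page: because the page's port regex is truncated, only `any` and plain digit strings are accepted as string ports; and the "allow-all" warning for an allow rule with `protocol`, `source_cidr` and `destination_cidr` all set to `any` is a review heuristic, not a platform rule. The CIDR check also goes one step beyond the regex: the pattern accepts octets up to 999 and prefixes up to /99, so each entry is parsed for real, and a prefix with host bits set (such as `1.1.1.1/24` in Example-1, whose network is `1.1.1.0/24`) is reported so the author can confirm the intended subnet.

```python
import re
from ipaddress import ip_network

# Constraints copied from the access_control_lists_rules table on this page.
POLICIES = {"allow", "deny"}
IP_VERSIONS = {"any", "ipv4", "ipv6"}
PROTOCOLS = {"any", "tcp", "udp"}
CIDR_RE = re.compile(
    r"^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)"
    r"(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$"
)


def _check_port(value, field, errors):
    # Integer[min: 0, max: 65535]; the page's string regex is truncated, so only
    # "any" and plain digit strings are accepted here (assumption of this example).
    if isinstance(value, bool):
        errors.append(f"{field}: boolean is not a port")
    elif isinstance(value, int):
        if not 0 <= value <= 65535:
            errors.append(f"{field}: {value} outside 0-65535")
    elif isinstance(value, str):
        if value.lower() != "any" and not (value.isdigit() and 0 <= int(value) <= 65535):
            errors.append(f"{field}: {value!r} is neither 'any' nor a port number")
    else:
        errors.append(f"{field}: unsupported type {type(value).__name__}")


def _check_cidr(value, field, errors, warnings):
    if not isinstance(value, str) or not CIDR_RE.match(value):
        errors.append(f"{field}: {value!r} does not match the CIDR constraint")
        return
    for item in value.split(","):
        if item.lower() == "any":
            continue
        # The regex is purely syntactic (999.999.999.999/99 passes), so parse each
        # entry; strict=False keeps 1.1.1.1/24 parseable so we can flag host bits.
        try:
            net = ip_network(item, strict=False)
        except ValueError as exc:
            errors.append(f"{field}: {item!r} is not a valid IPv4 prefix ({exc})")
            continue
        if "/" in item and str(net) != item:
            warnings.append(f"{field}: {item} has host bits set; network is {net}")


def _check_vlan(value, errors):
    # Integer[min: 1, max: 4094] or the string "any" (the VLAN-range regex is truncated on the page).
    if isinstance(value, bool):
        errors.append("vlan: boolean is not a VLAN")
    elif isinstance(value, int):
        if not 1 <= value <= 4094:
            errors.append(f"vlan: {value} outside 1-4094")
    elif not (isinstance(value, str) and value.lower() == "any"):
        errors.append(f"vlan: {value!r} is neither an integer 1-4094 nor 'any'")


def validate_rule(rule):
    """Return (errors, warnings) for one access_control_lists_rules entry."""
    errors, warnings = [], []
    for field in ("policy", "protocol"):  # Mandatory: Yes in the table
        if field not in rule:
            errors.append(f"{field}: mandatory field missing")
    for field, choices in (("policy", POLICIES), ("protocol", PROTOCOLS), ("ip_version", IP_VERSIONS)):
        if field in rule and rule[field] not in choices:
            errors.append(f"{field}: {rule[field]!r} not in {sorted(choices)}")
    comment = rule.get("comment")
    if comment is not None and not 1 <= len(comment) <= 127:
        errors.append("comment: length must be 1-127 characters")
    for field in ("source_cidr", "destination_cidr"):
        if field in rule:
            _check_cidr(rule[field], field, errors, warnings)
    for field in ("source_port", "destination_port"):
        if field in rule:
            _check_port(rule[field], field, errors)
    if "vlan" in rule:
        _check_vlan(rule["vlan"], errors)
    # Review heuristic (not a platform rule): an allow rule with no protocol, source
    # or destination restriction matches all traffic in its VLAN scope.
    if (rule.get("policy") == "allow" and rule.get("protocol") == "any"
            and str(rule.get("source_cidr", "")).lower() == "any"
            and str(rule.get("destination_cidr", "")).lower() == "any"):
        warnings.append(f"{rule.get('comment', '<no comment>')}: allow-all rule")
    return errors, warnings


def validate_rules(rules):
    """Validate a whole list; returns {index: (errors, warnings)} for entries with findings."""
    findings = {}
    for i, rule in enumerate(rules):
        errors, warnings = validate_rule(rule)
        if errors or warnings:
            findings[i] = (errors, warnings)
    return findings


# Constructed sample: the two rules from Example-1 plus one deliberately invalid rule.
SAMPLE_RULES = [
    {"comment": "tcp rules", "policy": "allow", "ip_version": "ipv4", "protocol": "tcp",
     "source_cidr": "any", "source_port": "any", "destination_cidr": "1.1.1.1/24",
     "destination_port": "443", "vlan": 100},
    {"comment": "Test Any rule", "policy": "allow", "ip_version": "ipv4", "protocol": "any",
     "source_cidr": "any", "source_port": "any", "destination_cidr": "2.1.1.1/32",
     "destination_port": "any", "vlan": "any"},
    {"comment": "broken", "policy": "permit", "protocol": "icmp",
     "source_cidr": "300.1.1.1/24", "destination_port": 70000, "vlan": 5000},
]

if __name__ == "__main__":
    for idx, (errs, warns) in validate_rules(SAMPLE_RULES).items():
        for msg in errs:
            print(f"rule {idx}: ERROR {msg}")
        for msg in warns:
            print(f"rule {idx}: WARN  {msg}")
```

Run as a pre-commit or CI step over the YAML before it reaches the dashboard: the first Example-1 rule passes but gets the host-bits warning, the second passes cleanly, and the constructed third rule produces one error per bad field.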