
Allied Telesis AT-9000/28 - How Ingress Packets Are Compared Against ACLs; Guidelines; Table 108. Access Control List ID Number Ranges

AT-9000 Switch Command Line User’s Guide
Section X: Network Management 1023
The order in which permit and deny ACLs are numbered is unimportant.
How Ingress Packets are Compared Against ACLs
Ports that do not have any ACLs forward all ingress packets. Ports with
one or more deny ACLs discard ingress packets that match the ACLs and
forward all other traffic. A port that has one deny ACL specifying a
particular source IP address, for example, discards all ingress packets with
that source address and forwards all other traffic. In situations where a port
has more than one deny ACL, packets are discarded at the first match.
Since ports forward all ingress packets unless they have deny ACLs,
permit ACLs are only necessary in situations where you want a port to
forward packets that are a subset of a larger traffic flow that is to be
blocked. An example of this would be a port that should forward only
packets having a specified destination IP address. A permit ACL would
specify the packets with the intended destination IP address and a deny
ACL would specify all traffic.
When ports are to have both permit and deny ACLs, it is important that
permit ACLs be added first, because packets are compared against the
ACLs in the order they are added to the ports. If a permit ACL is added
after a deny ACL, ports are likely to discard packets specified by the permit
ACL, thus causing them to block packets you want them to forward. This is
illustrated in the examples in this chapter.
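The rules above (no ACLs means forward everything, first match in add order decides, a permit added after a deny-all is shadowed) are easy to get wrong when ACLs are added one at a time. The following Python model is an added illustration and is not code from the AT-9000 manual or from Allied Telesis; the Acl and Port classes, the port names and the addresses are constructed for the example, and the ID-range check uses the 3000-3699 IP ACL range from Table 108. The shadowed_permits() helper goes beyond the text by flagging any permit ACL that an earlier deny ACL already covers, which is the mistake the chapter warns about.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Acl:
    """One IP ACL: an action plus the source/destination prefixes it matches.
    A None prefix matches any address ("all traffic" in the manual's wording)."""
    acl_id: int
    action: str                   # "permit" or "deny"
    src: Optional[str] = None     # e.g. "10.1.1.0/24"; None = any source
    dst: Optional[str] = None     # e.g. "192.0.2.10/32"; None = any destination

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        src_ok = self.src is None or ip_address(src_ip) in ip_network(self.src)
        dst_ok = self.dst is None or ip_address(dst_ip) in ip_network(self.dst)
        return src_ok and dst_ok


@dataclass
class Port:
    """A switch port; ACLs are kept in the order they were added, because that
    is the order the switch compares ingress packets against them."""
    name: str
    acls: List[Acl] = field(default_factory=list)

    def add_acl(self, acl: Acl) -> None:
        # Table 108: IP ACL IDs are 3000-3699 (assumed range check, not a switch command)
        if acl.acl_id not in range(3000, 3700):
            raise ValueError(f"{acl.acl_id} is not a valid IP ACL ID")
        # Guideline: an ACL cannot be assigned more than once to the same port
        if any(a.acl_id == acl.acl_id for a in self.acls):
            raise ValueError(f"ACL {acl.acl_id} is already assigned to {self.name}")
        self.acls.append(acl)

    def decide(self, src_ip: str, dst_ip: str) -> str:
        """No ACLs -> forward. Otherwise the first ACL (in add order) that
        matches decides; a packet matching no ACL is forwarded."""
        for acl in self.acls:
            if acl.matches(src_ip, dst_ip):
                return "forward" if acl.action == "permit" else "discard"
        return "forward"


def _covers(outer: Optional[str], inner: Optional[str]) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer is None:
        return True
    if inner is None:
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def shadowed_permits(port: Port) -> List[int]:
    """IDs of permit ACLs that can never match because an earlier deny ACL
    already covers everything they permit (permit added after deny)."""
    shadowed = []
    for i, acl in enumerate(port.acls):
        if acl.action != "permit":
            continue
        for earlier in port.acls[:i]:
            if (earlier.action == "deny"
                    and _covers(earlier.src, acl.src)
                    and _covers(earlier.dst, acl.dst)):
                shadowed.append(acl.acl_id)
                break
    return shadowed


def build_correct_port() -> Port:
    """Permit first, then deny all: forwards only packets to 192.0.2.10."""
    port = Port("port1.0.1")                      # constructed port name
    port.add_acl(Acl(3000, "permit", dst="192.0.2.10/32"))
    port.add_acl(Acl(3001, "deny"))
    return port


def build_shadowed_port() -> Port:
    """Same two ACLs added in the wrong order: the deny-all shadows the permit."""
    port = Port("port1.0.2")
    port.add_acl(Acl(3001, "deny"))
    port.add_acl(Acl(3000, "permit", dst="192.0.2.10/32"))
    return port


if __name__ == "__main__":
    for port in (build_correct_port(), build_shadowed_port()):
        print(port.name, "packet to 192.0.2.10:", port.decide("10.1.1.5", "192.0.2.10"),
              "| shadowed permits:", shadowed_permits(port))
```

Running the block prints "forward" for port1.0.1 and "discard" for port1.0.2 with ACL 3000 reported as shadowed on the second port; the same check can be run over any planned ACL order before it is applied to a port.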
Guidelines
Here are the ACL guidelines:
The action an ACL can have is permit or deny. The permit action
allows ports to forward ingress packets of the designated traffic flow
while the deny action causes ports to discard packets.
A port can have more than one ACL.
An ACL can be assigned to more than one port.
You cannot assign an ACL more than once to a port.
Table 108. Access Control List ID Number Ranges

Type of ACL                                      ID Number Range
Source or destination IP address, ICMP type,     3000 to 3699
Protocol, TCP port, UDP port
Source or destination MAC address                4000 to 4699
