address is not in the IP range of the SVI-associated subnet. Suppose the IP address of VLAN
1 is 192.168.64.1 255.255.255.0 and an IP extended ACL is created with the ACE deny udp any
192.168.65.1 0.0.0.255 eq 255. This ACL does not take effect when it is applied to the out
direction of VLAN 1, because the destination IP address is not in the IP range of the VLAN 1
subnet. If the ACE is instead deny udp any 192.168.64.1 0.0.0.255 eq 255, the ACL takes
effect because the destination IP address is in that range.
5. If a member port of an SVI is used for routing instead of connecting directly to a PC, an
ACL in the SVI out direction does not take effect for packet flows output at that member port.
6. ACLs in the out direction are not supported on routing ports or L3 APs.
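The subnet restriction on SVI out-direction ACLs can be checked before an ACL is deployed. The following is an added example, not code from this manual or the device vendor: it classifies the destination of an ACE against the SVI subnet, using the two ACEs from the text plus two constructed edge cases. It assumes ACEs of the form "action protocol source destination ..." with no source-port clause, accepts the "any" and "host" address keywords, and reports a partially overlapping destination separately because the text does not describe that case.

```python
import ipaddress

def _to_int(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(head), _to_int(tokens.pop(0))

def ace_destination(ace):
    """Destination (address, wildcard) of 'action protocol source destination ...'."""
    tokens = ace.split()[2:]      # drop action and protocol
    _take_addr(tokens)            # skip the source spec (assumed: no source-port clause)
    return _take_addr(tokens)

def svi_out_check(svi_ip, svi_mask, ace):
    """Classify the ACE destination against the SVI subnet.
    'inside'  : every matched destination is in the subnet (text: ACL takes effect)
    'outside' : no matched destination is in the subnet (text: ACL does not take effect)
    'partial' : only some are; the text does not cover this case, so flag it for review
    """
    svi, mask = _to_int(svi_ip), _to_int(svi_mask)
    dst, wild = ace_destination(ace)
    pinned = mask & ~wild         # network bits the ACE fixes to a single value
    if (dst ^ svi) & pinned:      # a pinned network bit differs from the SVI's
        return "outside"
    if wild & mask:               # the wildcard lets some network bits vary
        return "partial"
    return "inside"

# Constructed sample: the two ACEs from the text, then two edge cases.
SAMPLE_ACES = [
    "deny udp any 192.168.65.1 0.0.0.255 eq 255",
    "deny udp any 192.168.64.1 0.0.0.255 eq 255",
    "deny udp any any eq 255",
    "deny udp any 192.168.64.0 0.0.1.255 eq 255",
]

def audit(svi_ip, svi_mask, aces):
    """Return (ace, verdict) pairs for every ACE in the list."""
    return [(ace, svi_out_check(svi_ip, svi_mask, ace)) for ace in aces]

if __name__ == "__main__":
    for ace, verdict in audit("192.168.64.1", "255.255.255.0", SAMPLE_ACES):
        print(f"{verdict:8} {ace}")
```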
44.2 Configuring IP Access Lists
To configure access lists on a device, you must specify a unique name or number for each
access list of a protocol so that every access list is uniquely identified within that protocol.
The following table lists the protocols that can use numbers to specify access lists and the
number ranges of access lists that can be used by each protocol.
44.2.1 Guide to Configure IP Access Lists
When you create an access list, the rules it defines are applied to all packets on the device.
The device decides whether to forward or block a packet by checking whether the packet
matches a rule. Basic access lists include standard access lists and extended access lists.
The typical items that rules in access lists are defined on are as follows:
Source address
Destination address
Upper layer protocol
Time range
Standard IP access lists (1 – 99, 1300 – 1999) forward or block packets according to source
IP addresses. Extended IP access lists (100 – 199, 2000 – 2699) use combinations of the
above four items to forward or block packets. Other types of access lists forward or block
packets according to related codes.
A single access list can use multiple separate access list statements to define multiple rules.
All of these statements use the same number or name, which binds them to the same access
list. However, the more statements an access list uses, the more difficult it is to read and
understand.