282
DCS-3950 series Ethernet switch manual
Switch#show time-range
time-range timer1 (inactive)
absolute-periodic Saturday 0:0:0 to Sunday 23:59:59
time-range timer2 (active)
absolute-periodic Monday 0:0:0 to Friday 23:59:59
15.5.2 ACL Troubleshooting
& The check of list entris in ACL is a top-down behavior, once one entry is mached, the
check will be finished immediately;
& Only when there is no ACL binded or no ACL entry mached on the special direction of
the port, the default rules will be used;
& Each port ingress can bind one MAC-IP ACL or one IP ACL or one MAC ACLï¼›
& Each port egress can bind one MAC-IP ACL or one IP ACL or one MAC ACL
& When two sets of ACL are binded to the ingress and egress simultaneously, the
priority of the egress rules is higher than that of ingress rules; in the same set of ACL,
the earlier the rule is configurated, the higher its priority is;
& When one ACL is binded to egress direction of the port, it can only include deny list
entries;
& Only the interfaces on the MASTER switch can support the binding of ACL;
& The number of ACL that can be binded successfully is dependent on the content of
binded ACL and the limitation of hardware resource;
& If there are some rules including the same filtering information but conflicting behavior
in the access-list, it can not be binded to the port, and will cause an error prompt. For
example: configure permit tcp any-source any-destination and deny tcp any-source
any-destination at the same time.
& Viruses such as ‘worm.blaster’ can be blocked by configuring ACL to block specific
ICMP packets or specific TCP or UDP port packet.
& ACL can only be bound to inbound interfaces, and can not be bound to outbound
interfaces currently.
To Next Page
Loading...
Need help?
General