Ruijie RG-S2900G-E Series - Page 761

Configuration Guide Access Control List Configuration
Input/Output ACL, Filtering Domain Template and Rule
When a device interface receives a message, the input ACL checks whether the message matches an ACE of the ACL applied to that interface in the input direction. When a device interface is ready to output a message, the output ACL checks whether the message matches an ACE of the ACL applied to that interface in the output direction.
When detailed filtering rules are formulated, all or some of the eight items listed below may be used. Once the message matches an ACE, the ACL processes the message as that ACE defines (permit or deny). An ACE identifies Ethernet messages according to certain fields of the message. The fields include the following:
Layer-2 fields:
48-bit source MAC address (all 48 bits must be declared)
48-bit destination MAC address (all 48 bits must be declared)
16-bit layer-2 type field
Layer-3 fields:
Source IP address field (you can specify all 32 bits of the IP address, or specify a class of traffic by a defined subnet)
Destination IP address field (you can specify all 32 bits of the IP address, or specify a class of traffic by a defined subnet)
Protocol type fields
Layer-4 fields:
You can specify one TCP source port, destination port, or both
You can specify one UDP source port, destination port, or both
The filtering domain consists of the fields in the packets based on which the packets are identified and classified when you create an ACE. A filtering domain template is the definition formed by these fields. For example, when one ACE is generated, you want to identify and classify messages according to the destination IP field of a message. When another ACE is generated, you want to identify and classify messages according to the source IP address field of a message and the source port field of UDP. In this way, these two ACEs use different filtering domain templates.
Rules refer to the values of the ACE mask. For example, one ACE is:
permit tcp host 192.168.12.2 any eq telnet
In this ACE, the filtering domain template is a collection of the following fields: Source IP Address Fields, IP Protocol Fields and Destination TCP Port Fields. Corresponding values (rules) are respectively as follows: Source IP Address=host 192.168.12.2; IP Protocol=tcp; TCP Destination Port=telnet.
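
The template/rule split described above, as an added example that is not part of the manual and not vendor code: it parses an ACE into its filtering domain template (the fields matched) and its rule (the values), then counts the distinct templates in an ACE list. The function names, the grammar subset ("any" or "host A.B.C.D" endpoints with an optional "eq <port>"), the reading of "ip" as any protocol, and every sample ACE except the first are assumptions.

```python
# Added illustration (not from the manual). Assumed grammar subset:
#   <permit|deny> <protocol> <source> <destination>
# each endpoint is "any" or "host A.B.C.D", optionally followed by "eq <port>".

def _endpoint(tokens, side, proto, rule):
    """Consume one endpoint from tokens and record the fields it constrains."""
    if not tokens:
        raise ValueError(f"missing {side} address")
    word = tokens.pop(0)
    if word == "host" and tokens:
        rule[f"{side} IP address"] = "host " + tokens.pop(0)
    elif word != "any":
        raise ValueError(f"unsupported {side} address form: {word!r}")
    # "any" constrains nothing, so it adds no field to the template.
    if len(tokens) >= 2 and tokens[0] == "eq":
        if proto not in ("tcp", "udp"):
            raise ValueError("a port match needs tcp or udp")
        rule[f"{proto.upper()} {side} port"] = tokens[1]
        del tokens[:2]


def parse_ace(line):
    """Return (action, template, rule): template = field names, rule = values."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"not an ACE: {line!r}")
    action, proto = tokens.pop(0), tokens.pop(0)
    rule = {}
    if proto != "ip":  # assumption: "ip" means any protocol, so no protocol field
        rule["IP protocol"] = proto
    _endpoint(tokens, "source", proto, rule)
    _endpoint(tokens, "destination", proto, rule)
    if tokens:
        raise ValueError(f"unparsed tokens: {tokens}")
    return action, frozenset(rule), rule


def distinct_templates(ace_lines):
    """Set of filtering domain templates used by a list of ACEs."""
    return {parse_ace(line)[1] for line in ace_lines}


# First ACE is the manual's example; the other three are constructed samples.
SAMPLE_ACES = [
    "permit tcp host 192.168.12.2 any eq telnet",
    "permit ip any host 10.1.1.1",          # destination IP only
    "deny udp host 10.1.1.2 eq 53 any",     # source IP + UDP source port
    "deny tcp host 10.9.9.9 any eq 22",     # same template as the first, new rule
]
```

Calling distinct_templates(SAMPLE_ACES) gives three templates for the four ACEs, because the first and last ACE match on the same fields and differ only in their rules.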
