EasyManua.ls Logo

Ruijie RG-S2900G-E Series - Page 764

Ruijie RG-S2900G-E Series
943 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuration Guide Access Control List Configuration
Guide to configure IP Access List
When you create an access list, defined rules will be applied to all packet messages on a switch. The
switch decides whether to forward or block a packet messages by judging whether the packet
matches a rule.
Basic Access Lists include standard access lists and extended access lists. The typical rules defined
in access lists are the following:
Source address
Destination address
Upper layer protocol
Time range
Standard IP access lists (1 99, 1300 1999) forward or block packets according to source
addresses. Extended IP access lists (100 199, 2000 2699) use the above four combinations to
forward or block packets.
A single access list can use multiple separate access list sentences to define multiple rules. Where,
all sentences use a same number or name to bind these sentences to a same access list. However,
the more the used sentences are, the more difficult to read and understand an access list.
Implicating “Deny Any Data Flow” Rule Sentence
The ending part of each access list implicates a “Deny any data flow” rule sentence. Therefore, if a
packet matches no rule, then it is denied, as shown in the following example:
access-list 1 permit host 192.168.4.12
This list allows only the message of host 192.168.4.12 and denies any other host. This is because
the list contains the following rule statement at the end: access-list 1 deny any
Here is another example:
access-list 1 deny host 192.168.4.12
If the list contains the only statement above, the messages from any host will be denied on the port.
Caution
It is required to consider the routing update message when defining
the access list. Since the end of the access list “denies all dataflow”,
this may cause all routing update messages blocked.
Order to Input Rule Sentences
Each added rule is appended to the access list. If a sentence is created, then you cannot delete it
separately and can only delete the whole access list. Therefore, the order of access list sentences is
very important. When deciding whether to forward or block packets, a switch compares packets and
sentences in the order of sentence creation. After finding a matching sentence, it will not check other
rule sentences.

Table of Contents

Related product manuals