The following example explains how to configure a TCP Flag
Enter privileged EXEC mode, supplying the enable password if prompted.
Ruijie> enable
Ruijie#
Enter the global configuration mode.
Ruijie# configure terminal
Enter the ACL configuration mode.
Ruijie(config)# ip access-list extended test-tcp-flag
Add a permit entry.
Ruijie(config-ext-nacl)# permit tcp any any match-all rst
Add a deny entry.
Ruijie(config-ext-nacl)# deny tcp any any match-all fin
Add or delete entries repeatedly as needed.
Exit ACL configuration mode.
Ruijie(config-ext-nacl)# end
Show the ACL.
Ruijie# show access-list test-tcp-flag
ip access-lists extended test-tcp-flag
10 permit tcp any any match-all rst
20 deny tcp any any match-all fin
Configuring ACL Entries by Priority
To express ACE priority, each ACL arranges its ACEs using a numbered start point and increment, as detailed below:
ACEs are sorted in ascending order of sequence number in the linked list.
If no number is specified, numbering begins at the start point, and each new ACE takes the previous ACE's number plus the increment.
If a number is specified, the ACE is inserted at its sorted position, and the increment ensures that a new ACE can be inserted between two adjacent ACEs.
The ACL specifies the start point number and the number increment.
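The numbering rules above, as an added Python model (not Ruijie code and not part of the original manual). It assumes start point 10 and increment 10, as in the show output earlier, treats match-all as "every listed flag is set", evaluates ACEs in ascending order with the first match winning, and rejects a duplicate number; the Acl class, its methods and demo() are hypothetical names.

```python
# Model of numbered ACE ordering (start point + increment). Not vendor code.
from bisect import insort


class Acl:
    def __init__(self, start=10, step=10):  # 10/10 mirrors the show output above
        self.start, self.step = start, step
        self.aces = []  # (seq, action, flags), kept sorted by seq

    def add(self, action, flags, seq=None):
        """Append with an automatic number, or insert at an explicit one."""
        if seq is None:
            # No number given: previous (last) ACE number plus the increment.
            seq = self.aces[-1][0] + self.step if self.aces else self.start
        if any(s == seq for s, _, _ in self.aces):
            # Rejecting duplicates is this model's choice, not documented behavior.
            raise ValueError(f"sequence number {seq} already in use")
        insort(self.aces, (seq, action, frozenset(flags)))
        return seq

    def first_match(self, packet_flags):
        """Return (seq, action) of the first ACE whose flags are all set."""
        for seq, action, flags in self.aces:
            if flags <= set(packet_flags):  # assumed meaning of match-all
                return seq, action
        return None  # no ACE matched


def demo():
    acl = Acl()
    acl.add("permit", {"rst"})  # numbered 10
    acl.add("deny", {"fin"})    # numbered 20
    pkt = {"rst", "fin"}        # constructed sample packet flags
    before = acl.first_match(pkt)
    # Inserted between 10 and 20, but ACE 10 still matches first.
    acl.add("deny", {"rst", "fin"}, seq=15)
    shadowed = acl.first_match(pkt)
    # A number below 10 gives the new ACE priority over ACE 10.
    acl.add("deny", {"rst", "fin"}, seq=5)
    after = acl.first_match(pkt)
    appended = acl.add("deny", {"syn"})  # last number 20 plus increment
    return before, shadowed, after, appended, [s for s, _, _ in acl.aces]


if __name__ == "__main__":
    print(demo())
```

The ACE inserted at 15 never takes effect for the sample packet because ACE 10 already matches it, which is the ordering mistake to check for when reviewing an ACL after numbered insertions.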