Configuration Guide Configuring ACL
Enable users in the same VLAN to communicate with each other.
11.3.1 IP ACL
The IP ACL implements refined control on incoming and outgoing IPv4 packets of a device. You can permit or deny the entry
of specific IPv4 packets to a network according to actual requirements to control access of IP users to network resources.
Working Principle
Define a series of IP access rules in the IP ACL, and then apply the IP ACL either in the incoming or outgoing direction of an
interface or globally. The device checks whether the incoming or outgoing IPv4 packets match the rules and accordingly
forwards or blocks these packets.
To configure an IP ACL, you must assign it a name or ID that is unique among the ACLs of that protocol, so that each ACL
can be identified unambiguously. The following table lists the protocols whose ACLs can be identified by ID and the
corresponding ID ranges.
IP ACLs come in two kinds: standard IP ACLs and extended IP ACLs. Typical rules defined in an ACL match on the following
fields:
Source IP address
Destination IP address
IP protocol number
L4 source port number, or ICMP type for ICMP packets
L4 destination port number, or ICMP code for ICMP packets
The standard IP ACL (ID range: 1–99, 1300–1999) is used to forward or block packets based on the source IP address,
whereas the extended IP ACL (ID range: 100–199, 2000–2699) is used to forward or block packets based on a combination
of the preceding matching fields.
An individual ACL can contain multiple independent statements, each defining one rule. All statements reference the
same ID or name and are therefore bound to the same ACL. Rules are evaluated in the order in which they appear and the
first matching rule decides whether the packet is forwarded or blocked, so the order of statements matters. The more
statements an ACL contains, the harder it becomes to read, understand and audit.
For routing products, the ICMP code matching field in an ACL rule is not effective for ICMP packets whose ICMP type is 3
(Destination Unreachable). If an ACL rule matches on the ICMP code, the matching result for incoming ICMP type 3 packets
may differ from the expected result.
Implicit "Deny All Traffic" Rule Statement
Every IP ACL ends with an implicit "deny all traffic" rule statement. A packet that matches none of the configured rules is
therefore denied, so any traffic that should pass must be explicitly permitted by a rule earlier in the ACL.
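The following Python model shows the matching behaviour described in this section: the standard and extended ID ranges, the restriction of standard ACL rules to the source address, ordered first-match evaluation, and the implicit "deny all traffic" at the end of every ACL. It is an added example written for this guide, not device firmware or vendor code. It simplifies in one respect: prefixes are written in CIDR notation rather than the wildcard masks a real CLI accepts, and all ACLs, rules and packets in it are constructed for illustration.

```python
"""Model of IP ACL matching as described in this section (added example, not vendor code).

Standard ACLs match on source address only; extended ACLs match on the full set of
fields. Rules are evaluated in order, the first match wins, and a packet matching no
rule hits the implicit "deny all traffic". CIDR prefixes stand in for wildcard masks;
every ACL, rule and packet below is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ICMP, TCP, UDP = 1, 6, 17

# ID ranges quoted in the text above.
STANDARD_IDS = [range(1, 100), range(1300, 2000)]
EXTENDED_IDS = [range(100, 200), range(2000, 2700)]


def acl_kind(acl_id: int) -> Optional[str]:
    """Return 'standard', 'extended' or None for a numeric ACL ID."""
    if any(acl_id in r for r in STANDARD_IDS):
        return "standard"
    if any(acl_id in r for r in EXTENDED_IDS):
        return "extended"
    return None


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None   # L4 source port, or ICMP type when proto == ICMP
    dport: Optional[int] = None   # L4 destination port, or ICMP code when proto == ICMP


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # "any"
    dst: str = "0.0.0.0/0"        # "any"
    proto: Optional[int] = None   # None: any IP protocol
    sport: Optional[int] = None   # None: any source port / any ICMP type
    dport: Optional[int] = None   # None: any destination port / any ICMP code

    def is_standard(self) -> bool:
        """A standard ACL rule may constrain nothing but the source address."""
        return (self.dst == "0.0.0.0/0" and self.proto is None
                and self.sport is None and self.dport is None)

    def matches(self, pkt: Packet) -> bool:
        """Every configured field must match; unconfigured fields match anything."""
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


class IPAccessList:
    def __init__(self, acl_id: int):
        self.kind = acl_kind(acl_id)
        if self.kind is None:
            raise ValueError(f"{acl_id} is outside the standard and extended ID ranges")
        self.acl_id = acl_id
        self.rules: List[Rule] = []

    def add(self, rule: Rule) -> "IPAccessList":
        """Append a statement; all statements share this ACL's ID."""
        if rule.action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if self.kind == "standard" and not rule.is_standard():
            raise ValueError("standard ACL rules may match on the source address only")
        self.rules.append(rule)
        return self

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, index of the matching rule); None marks the implicit deny."""
        for idx, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, idx
        return "deny", None   # implicit "deny all traffic" at the end of every ACL


def build_example_acl() -> IPAccessList:
    """Constructed extended ACL 100: web from 10.0.0.0/24, drop echo requests, allow other ICMP."""
    return (IPAccessList(100)
            .add(Rule("permit", src="10.0.0.0/24", proto=TCP, dport=80))
            .add(Rule("deny", proto=ICMP, sport=8))     # ICMP type 8 = echo request
            .add(Rule("permit", proto=ICMP)))


def build_shadowed_acl() -> IPAccessList:
    """Same statements, wrong order: the broad ICMP permit now shadows the echo deny."""
    return (IPAccessList(2000)
            .add(Rule("permit", src="10.0.0.0/24", proto=TCP, dport=80))
            .add(Rule("permit", proto=ICMP))
            .add(Rule("deny", proto=ICMP, sport=8)))    # never reached


if __name__ == "__main__":
    acl = build_example_acl()
    for pkt in (Packet("10.0.0.5", "192.0.2.10", TCP, 51000, 80),
                Packet("10.0.0.5", "192.0.2.10", TCP, 51000, 443),
                Packet("10.0.0.5", "192.0.2.10", ICMP, 8, 0)):
        print(pkt, "->", acl.evaluate(pkt))
```

The two builders illustrate the ordering point: in `build_example_acl` an echo request hits the deny at index 1, while in `build_shadowed_acl` the identical packet is permitted by the broad ICMP rule at index 1 and the deny behind it can never match. The HTTPS packet in the demo matches nothing and is dropped by the implicit deny, reported as index `None`.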