Assigning Individual ACLs to a Port; ACL Order of Precedence - IBM RackSwitch G8000 Application Manual

A top-of-rack (ToR) switch

RackSwitch G8000: Application Guide, page 82

Assigning Individual ACLs to a Port

Once you configure an ACL, you must assign the ACL to the appropriate ports.
Each port can accept multiple ACLs, and each ACL can be applied to multiple
ports. ACLs can be assigned individually, or in groups.

To assign an individual ACL to a port, use the following IP Interface Mode
commands:

RS G8000(config)# interface port <port>
RS G8000(config-ip)# access-control list <IPv4 ACL number>
RS G8000(config-ip)# access-control list6 <IPv6 ACL number>

When multiple ACLs are assigned to a port, higher-priority ACLs are considered
first, and their action takes precedence over lower-priority ACLs. ACL order of
precedence is discussed in the next section.

Note: When IPv6 ACLs are applied to a port, some IPv4 ACLs are restricted from
being applied to the same port. Only IPv4 ACLs 1 through 256 may be
applied to ports that also use IPv6 ACLs.

To create and assign ACLs in groups, see "ACL Groups" on page 83.

ACL Order of Precedence

When multiple ACLs are assigned to a port, the order in which the ACLs are applied
to port traffic (or whether they are applied at all) depends on the following factors:

- The precedence group in which the ACL resides;
- The ACL number;
- Whether a prior ACL in the precedence group is also matched;
- And whether the ACL action is compatible with preceding ACLs.

ACLs are automatically divided into precedence groups as follows:

- Precedence Group 1 includes ACLs 1 through 128.
- Precedence Group 2 includes ACLs 129 through 256.
- Precedence Group 3 includes ACLs 257 through 384.
- Precedence Group 4 includes ACLs 385 through 512.

The switch processes each precedence group in numeric sequence: precedence
group 1 is evaluated first, followed by precedence group 2, and so on.

Within each precedence group, ACLs assigned to the port are processed in numeric
sequence, based on ACL number. Lower-numbered ACLs take precedence over
higher-numbered ACLs. For example, ACL 1 (if assigned to the port) is evaluated first
and has top priority within precedence group 1.

For each precedence group, only the first assigned ACL that matches the port traffic
is considered. If multiple ACLs in the precedence group match the traffic, only the
one with the lowest ACL number is considered. The others in the precedence group
are ignored.

One ACL match from each precedence group is permitted, meaning that up to four
ACL matches may be considered for action: one from precedence group 1, one from
precedence group 2, and so on.
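
The selection rules above can be checked against a planned port configuration before it is applied. The following Python sketch is an added example, not code from the guide or from IBM: it computes which assigned ACLs are considered for a packet and which are ignored because a lower-numbered ACL in the same precedence group already matched, and it flags IPv4 ACLs that the note above restricts on ports that also use IPv6 ACLs. The match predicates, sample port and sample packet are constructed for illustration, and the action-compatibility factor is not modelled because this section does not describe it.

```python
"""Model of the ACL selection rules described above (illustrative, not IBM code)."""

GROUP_SIZE = 128          # groups: ACLs 1-128, 129-256, 257-384, 385-512
MAX_ACL = 512
MAX_IPV4_WITH_IPV6 = 256  # per the note: only IPv4 ACLs 1-256 may share a port with IPv6 ACLs

def precedence_group(acl_number):
    """Return the precedence group (1-4) that an ACL number falls into."""
    if not 1 <= acl_number <= MAX_ACL:
        raise ValueError(f"ACL number {acl_number} is outside 1-{MAX_ACL}")
    return (acl_number - 1) // GROUP_SIZE + 1

def check_port_assignment(ipv4_acls, has_ipv6_acls):
    """Return IPv4 ACL numbers that may not be applied if the port also uses IPv6 ACLs."""
    if not has_ipv6_acls:
        return []
    return sorted(n for n in ipv4_acls if n > MAX_IPV4_WITH_IPV6)

def considered_acls(assigned, packet):
    """Return (considered, ignored) ACL numbers for one packet.

    `assigned` maps ACL number -> match predicate, a hypothetical stand-in for
    the switch's filter criteria. Action compatibility is not modelled.
    """
    considered, ignored = {}, []
    for number in sorted(assigned):          # lower-numbered ACLs are evaluated first
        if not assigned[number](packet):
            continue
        group = precedence_group(number)
        if group in considered:
            ignored.append(number)           # a lower-numbered ACL in this group already matched
        else:
            considered[group] = number       # first match in the group is the one considered
    return [considered[g] for g in sorted(considered)], ignored

# Constructed sample: ACLs assigned to one port, with made-up match criteria.
SAMPLE_PORT = {
    5: lambda p: p["dst_port"] == 22,
    100: lambda p: p["src"].startswith("10."),
    130: lambda p: p["proto"] == "tcp",
    300: lambda p: p["dst_port"] == 443,
    400: lambda p: True,
}
SAMPLE_PACKET = {"src": "10.1.2.3", "proto": "tcp", "dst_port": 22}

if __name__ == "__main__":
    print(considered_acls(SAMPLE_PORT, SAMPLE_PACKET))
    print(check_port_assignment(SAMPLE_PORT, has_ipv6_acls=True))
```

In the sample, ACL 100 matches the packet but is ignored because ACL 5 is the lowest-numbered match in precedence group 1, which is the kind of shadowed rule worth catching in a review.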
