ACL Troubleshooting - Edge-Core ES3628EA User Manual

L3 24 10/100 ports + 4ge

to 10.0.0.0/24 segment, ftp is not desired for the user.
Configuration description:
a) Create a proper ACL
b) Configuring packet filtering function
c) Bind the ACL to the port
The configuration steps are listed below:
Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(Config)#firewall enable
Switch(Config)#firewall default permit
Switch(Config)#interface Ethernet 0/0/10
Switch(Config-Ethernet0/0/10)#ip access-group 110 in
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit
Configuration result:
Switch#show firewall
Firewall Status: Enable.
Firewall Default Rule: Permit.
Switch#show access-lists
access-list 110(used 1 time(s))
access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch#show access-group interface Ethernet 0/0/10
interface name:Ethernet0/0/10
the ingress acl use in firewall is 110.
18.4 ACL Troubleshooting
Checking for entries in the ACL is done in a top-down order and ends whenever an entry is matched.
The default rule will be used only if no ACL is bound to the specific direction of the port, or no ACL entry is matched.
Applies to IP packets incoming on all ports, and has no effect on other types of packets.
One port can be bound to only one incoming ACL.
The number of ACLs that can be successfully bound depends on the content of the ACL bound and the hardware resource limit. Users will be prompted if an ACL
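The matching rules above, applied to access-list 110 and the default permit rule from the configuration example, as an added Python model that is not part of the manual. The function names, the sample packets and the MISORDERED list are constructed for illustration, and the model covers only the protocol, source, wildcard and d-port fields used on this page.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# Entries: (action, protocol, source, wildcard, d-port); d-port None = any port.
# access-list 110 exactly as configured on this page.
ACL_110 = [("deny", "tcp", "10.0.0.0", "0.0.0.255", 21)]
# Constructed for illustration: a broad permit placed above the deny.
MISORDERED = [("permit", "tcp", "10.0.0.0", "0.0.0.255", None),
              ("deny", "tcp", "10.0.0.0", "0.0.0.255", 21)]

def evaluate(packet, bound_acl, default="permit"):
    """Return (action, reason) for one packet arriving on a port."""
    if packet["ethertype"] != "ip":
        return "unfiltered", "not an IP packet"
    if bound_acl is None:
        return default, "no ACL bound, default rule"
    for number, (action, proto, src, wildcard, dport) in enumerate(bound_acl, 1):
        if (packet["proto"] == proto
                and wildcard_match(packet["src"], src, wildcard)
                and dport in (None, packet["dport"])):
            return action, f"matched entry {number}"  # first match ends the search
    return default, "no entry matched, default rule"

def ip_packet(src, dport, proto="tcp"):
    """Build a constructed sample packet."""
    return {"ethertype": "ip", "proto": proto, "src": src, "dport": dport}

if __name__ == "__main__":
    ftp, web = ip_packet("10.0.0.5", 21), ip_packet("10.0.0.5", 80)
    for label, pkt, acl in [("FTP, ACL 110", ftp, ACL_110),
                            ("HTTP, ACL 110", web, ACL_110),
                            ("FTP, no ACL bound", ftp, None),
                            ("FTP, misordered ACL", ftp, MISORDERED),
                            ("ARP, ACL 110", {"ethertype": "arp"}, ACL_110)]:
        print(f"{label:22} -> {evaluate(pkt, acl)}")
```

In the misordered list the FTP packet is permitted by entry 1 and the deny entry is never reached, which is the first thing to check when a deny rule appears to have no effect.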