Table of Contents
Advertisement
For example there are two regulations in one group of regulation: access-list 1 deny 192.168.1.0
0.0.0.255 and access-list 1 permit any. When there is a regulation that permits all IP protocol
(0x0800) packet, the hidden regulation is not existed, in fact there are two regulations to lead to
the FFP of the port. During the data flow is filtrated only the data flow from 192.168.1.0 to
192.168.1.255 by source address will be deleted and all other data flow can be traferred.
Please refer to Figure 11-1 that is an example of ACL filtration. Port 1 of iSpirit 3026 switch
selects an ACL regulation group 11, in which there is only one regulation of access-list 1 permit
192.168.0.100. Under port 1 of switch there are two users want to connect to the Internet
through this port, IP address of user 1 is 192.168.0.100, and the IP address of user 2 is
192.168.0.101. Only user 1 can be connected to Internet through port 1 of switch instead of user
2. Data flow p1 given out by user 1 can be forwarded through port 1, but data flow p2 given by
user 2 will be deleted in port 1.
Figure 11-1.onnect to Internet from Port ACL Filtration
ACL filteration is exclusive from IP binding, if one port has been bound with IP Add., the port
cannot be carried out with ACL filteration. There is certain command in configuration between
ACL filtration and QoS Untrust port, the port must be firstly configured with ACL filteration, and
then configured with QoS Untrust port. If one port has been configured with QoS Untrust port,
Advertisement
Table of Contents
