Precedence Order; Configuring An Acl - Motorola RFS7000 Series System Reference Manual


6-22
Switch Security
NOTE Only a Port ACL supports a mark action. With Router ACLs, a mark is treated as a
permit and the packet is allowed without modifications.

6.5.1.5 Precedence Order

The rules within an ACL are applied to packets based on their precedence values. Every rule has a unique
precedence value between 1 and 5000. You cannot add two rules with the same precedence value.
Consider the following when adding rules:
• Every entry (ACE) in an ACL is associated with a precedence value that is unique to that entry. You
cannot enter two different entries in an ACL with the same precedence value. This value can be between
1 and 5000.
• Specifying a precedence value with each ACL entry is not mandatory. If you do not want to specify one,
the system automatically generates a precedence value starting with 10. Subsequent entries are added
with precedence values of 20, 30 and so on. 10 is the default offset between any two rules in an ACL.
However, if the user specifies a precedence value with an entry, that value overrides the default value.
The user can also add an entry in between two subsequent entries (for example, in between 10 and 20).
• If an entry with the maximum precedence value of 5000 exists, you cannot add a new entry with a higher
precedence value. In such a case, the system displays an error stating "Rule with max precedence value
exists". Either delete the entry or add new entries with precedence values less than 5000. A user can
add a maximum of 500 ACEs in an ACL.
• Rules within an ACL are displayed in an ascending order of precedence.
NOTE ACEs with lower precedence are always applied first to packets. Therefore, it is
advised to add the more specific entries to the ACL first, then the general ones. While
displaying the ACL, the entries are displayed in an ascending order of precedence.
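
The following sketch models the precedence rules above and shows why the order matters: a general permit placed ahead of a specific deny leaves the deny unreachable. It is an added example, not code from the manual or the switch. The `Acl` class, the reduction of an ACE to an action and a source network, the first-match behaviour, the "highest precedence in use + 10" auto-numbering and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

MAX_PRECEDENCE, MAX_ACES, STEP = 5000, 500, 10  # limits stated in the manual

class Acl:
    """Toy model of the precedence rules; not the switch's own code."""
    def __init__(self):
        self.aces = {}  # precedence -> (action, source network)

    def add(self, action, source, precedence=None):
        if len(self.aces) >= MAX_ACES:
            raise ValueError("ACL already holds 500 ACEs")
        if precedence is None:
            if MAX_PRECEDENCE in self.aces:
                raise ValueError("Rule with max precedence value exists")
            # Assumption: auto value is the highest precedence in use + 10.
            precedence = max(self.aces, default=0) + STEP
        if not 1 <= precedence <= MAX_PRECEDENCE:
            raise ValueError("precedence must be between 1 and 5000")
        if precedence in self.aces:
            raise ValueError("precedence already in use")
        self.aces[precedence] = (action, ipaddress.ip_network(source))
        return precedence

    def decide(self, src_ip):
        """Assumption: the first matching ACE, lowest precedence first, decides."""
        ip = ipaddress.ip_address(src_ip)
        for prec, (action, net) in sorted(self.aces.items()):
            if ip in net:
                return prec, action
        return None  # no ACE matched; the default action is not modelled

    def shadowed(self):
        """(precedence, covering precedence) for ACEs that can never match."""
        ordered, hits = sorted(self.aces.items()), []
        for i, (prec, (_, net)) in enumerate(ordered):
            for earlier, (_, enet) in ordered[:i]:
                if net.subnet_of(enet):
                    hits.append((prec, earlier))
                    break
        return hits

def demo():
    acl = Acl()
    acl.add("permit", "10.0.0.0/8")    # constructed sample; auto precedence 10
    acl.add("deny", "10.1.2.0/24")     # auto precedence 20, never reached
    before = (acl.decide("10.1.2.7"), acl.shadowed())
    acl.add("deny", "10.1.2.0/24", precedence=5)  # specific rule placed first
    return before, (acl.decide("10.1.2.7"), acl.shadowed())
```

Running `shadowed()` over an exported rule set is a quick audit for entries that look protective but are never evaluated.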

6.5.2 Configuring an ACL

Configure an ACL to enforce privilege separation and determine appropriate switch access permissions for
groups and users.
To configure an ACL:
1. Select Security > ACLs from the main tree menu.
2. Click the Configuration tab.
3. The Configuration tab consists of the following two fields:
• ACLs - existing access lists
• Associated Rules - allow/deny rules
