Acl Troubleshooting - Digitalchina Networks DCS-3950 series Manual


Switch#show time-range
time-range timer1 (inactive)
absolute-periodic Saturday 0:0:0 to Sunday 23:59:59
time-range timer2 (active)
absolute-periodic Monday 0:0:0 to Friday 23:59:59

15.5.2 ACL Troubleshooting

ACL list entries are checked top-down; once an entry is matched, the check finishes immediately;
The default rules are used only when no ACL is bound, or no ACL entry is matched, in the specific direction of the port;
Each port ingress can bind one MAC-IP ACL or one IP ACL or one MAC ACL;
Each port egress can bind one MAC-IP ACL or one IP ACL or one MAC ACL;
When two sets of ACL are bound to the ingress and egress simultaneously, the priority of the egress rules is higher than that of the ingress rules; in the same set of ACL, the earlier a rule is configured, the higher its priority;
When an ACL is bound to the egress direction of a port, it can only include deny list entries;
Only the interfaces on the MASTER switch support the binding of ACL;
The number of ACLs that can be bound successfully depends on the content of the bound ACLs and the limits of hardware resources;
If the access-list contains rules with the same filtering information but conflicting behavior, it cannot be bound to the port, and an error prompt results. For example: configuring permit tcp any-source any-destination and deny tcp any-source any-destination at the same time.
Viruses such as 'worm.blaster' can be blocked by configuring ACL to block specific ICMP packets or packets on specific TCP or UDP ports.
ACL can currently only be bound to inbound interfaces, and cannot be bound to outbound interfaces.
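
An added example, not from the manual: a small Python model of the rules listed above (top-down first match, fallback to the default rule, and the bind-time checks for conflicting entries and deny-only egress ACLs). The rule fields, the `default` parameter and the sample addresses and port are assumptions made for illustration; the manual does not state what the default rule's action is.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str = "any"             # source address, or "any"
    dst: str = "any"             # destination address, or "any"
    dport: Optional[int] = None  # destination port, None = any port

    def key(self):
        """The filtering information, i.e. everything except the action."""
        return (self.proto, self.src, self.dst, self.dport)

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"])
                and self.src in ("any", pkt["src"])
                and self.dst in ("any", pkt["dst"])
                and self.dport in (None, pkt.get("dport")))

def check_bindable(rules, direction):
    """Return the reasons this model would refuse the ACL at bind time."""
    errors, seen = [], {}
    for r in rules:
        if direction == "egress" and r.action != "deny":
            errors.append(f"egress ACL may only contain deny entries: {r}")
        prev = seen.setdefault(r.key(), r.action)
        if prev != r.action:
            errors.append(f"conflicting actions for same filter: {r.key()}")
    return errors

def evaluate(rules, pkt, default):
    """Top-down check: the first matching entry decides, later ones are skipped."""
    for index, r in enumerate(rules):
        if r.matches(pkt):
            return r.action, index
    return default, None  # no entry matched: the port's default rule applies

# Constructed sample ACL (addresses and port are illustrative assumptions).
ACL = [
    Rule("deny", "tcp", dport=135),
    Rule("permit", "tcp", src="10.0.0.5"),
    Rule("deny", "tcp", src="10.0.0.5", dport=80),  # shadowed by the entry above
]
CONFLICT = [Rule("permit", "tcp"), Rule("deny", "tcp")]  # the manual's conflict example

if __name__ == "__main__":
    pkt = {"proto": "tcp", "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 80}
    print(evaluate(ACL, pkt, default="permit"))
    print(check_bindable(CONFLICT, "ingress"))
```

The third entry never takes effect because the broader permit above it matches first, which is the practical consequence of earlier entries having higher priority.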
DCS-3950 series Ethernet switch manual