Actions; Id Numbers; How Ingress Packets Are Compared Against Acls; Table 158. Access Control List Id Number Ranges - Allied Telesis AT-8100L/8 User Manual

Fast Ethernet Switches AT-8100 Series Management Software Command Line Interface User's Guide, AlliedWare Plus Version 2.2.5

Actions

The action defines the response to packets that match the filtering criterion of the ACL. There are three possible actions:

Permit— A permit action instructs ports to forward ingress packets that match the specified traffic flow of the ACL. By default, all ingress packets are forwarded by the ports.

Deny— A deny action instructs ports to discard the specified ingress packets.

Copy to mirror— This action causes a port to copy all ingress packets that match the ACL to the destination port of the mirror port. This action must be used in conjunction with the port mirror feature, explained in Chapter 27, "Port Mirror" on page 459.

ID Numbers

For both Numbered IPv4 ACLs and Numbered MAC ACLs, you must assign each ACL a unique ID number. There are two ID number ranges that are displayed in Table 158.

How Ingress Packets are Compared Against ACLs

As stated previously, ports that do not have an ACL forward all ingress packets. Ports with one or more deny ACLs discard ingress packets that match the ACLs and forward all other traffic. A port that has one ACL that specifies a particular source IP address, for example, discards all ingress packets with the specified source address and forwards all other traffic. In situations where a port has more than one deny ACL, packets are discarded at the first match.

Since ports forward all ingress packets unless they have deny ACLs, permit ACLs are only necessary in situations where you want a port to forward packets that are a subset of a larger traffic flow that is blocked, for example, a port that forwards only packets having a specified destination IP address. A permit ACL specifies the packets with the intended destination IP address, and a deny ACL specifies all traffic.

When ports have both permit and deny ACLs, you must add the permit ACLs first, because packets are compared against the ACLs in the order they are added to the ports. If a permit ACL is added after a deny ACL, ports are likely to discard packets specified by the permit ACL, thus causing them to block packets you want them to forward. This concept is illustrated in the examples in this chapter.
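The comparison order described in this section can be modeled in a few lines of Python. This is an added example, not code from the manual or the switch software: the `Acl` class and the `evaluate` and `shadowed_permits` functions are hypothetical names, the model matches on destination IPv4 address only, covers the permit and deny actions but not copy to mirror, and assumes the first matching ACL decides the outcome. The addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:                      # hypothetical model, not a switch data structure
    acl_id: int                 # numbered IPv4 ACL ID (3000 - 3699 per Table 158)
    action: str                 # "permit" or "deny"
    dst: str                    # destination network; "0.0.0.0/0" means all traffic

    def matches(self, dst_ip: str) -> bool:
        return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)

def evaluate(port_acls, dst_ip):
    """Decide the fate of one ingress packet on a port."""
    for acl in port_acls:       # compared in the order the ACLs were added
        if acl.matches(dst_ip):
            # Assumption of this model: the first matching ACL decides.
            return "forward" if acl.action == "permit" else "discard"
    return "forward"            # no ACL matched: ports forward by default

def shadowed_permits(port_acls):
    """IDs of permit ACLs fully covered by a deny ACL that was added earlier."""
    shadowed = []
    for i, acl in enumerate(port_acls):
        if acl.action != "permit":
            continue
        net = ipaddress.ip_network(acl.dst)
        if any(e.action == "deny" and net.subnet_of(ipaddress.ip_network(e.dst))
               for e in port_acls[:i]):
            shadowed.append(acl.acl_id)
    return shadowed

# Constructed sample: forward only traffic destined for 192.0.2.10.
PERMIT_SERVER = Acl(3000, "permit", "192.0.2.10/32")
DENY_ALL = Acl(3001, "deny", "0.0.0.0/0")
CORRECT_ORDER = [PERMIT_SERVER, DENY_ALL]   # permit added first
WRONG_ORDER = [DENY_ALL, PERMIT_SERVER]     # permit added after the deny

if __name__ == "__main__":
    for name, acls in (("permit first", CORRECT_ORDER), ("deny first", WRONG_ORDER)):
        print(name, evaluate(acls, "192.0.2.10"), evaluate(acls, "198.51.100.7"),
              "shadowed:", shadowed_permits(acls))
```

Running `shadowed_permits` over an ordered list of a port's ACLs is a quick review check for permit entries that can never take effect.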

Table 158. Access Control List ID Number Ranges

Type of ACL           ID Number Range
Numbered IPv4 ACLs    3000 - 3699
Numbered MAC ACLs     4000 - 4699
