10G Core Routing Switch User Manual
陈泽科技有限公司
www.stephen-tele.com
ACL Configuration
ACL Overview
A series of match rules must be configured to recognize packets before they can be filtered. Only when packets are
identified can the network take the corresponding action, allowing or prohibiting them, according to the preset
policies. Access control lists (ACLs) are designed to achieve these functions.
ACLs classify packets using a series of matching rules, which can be based on source addresses, destination addresses
and port IDs. ACLs can be applied globally on the switch or on a single port, and through them the switch determines
whether to forward or drop the packets.
The matching rules defined in ACLs can also be reused to differentiate traffic in other situations, for example when
defining traffic classification rules for QoS.
An ACL can include many sub-rules, which may be defined for packets of different sizes. The order in which the
sub-rules are checked is part of matching an ACL: the sub-rules are evaluated in sequence and the first one that
matches decides how the packet is treated.
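The following Python model is an added example, not part of the manual and not the switch's own software. It shows the behaviour described above: an ACL is an ordered list of sub-rules that match on source address, destination address, protocol and port, the first matching sub-rule decides the action, and a packet that matches no sub-rule is dropped (the implicit deny assumed here, as in common ACL implementations). The Packet and Rule field names, the rule() helper and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    """Fields of a packet that the sample matching rules look at (constructed model)."""
    src: str                      # source IPv4 address
    dst: str                      # destination IPv4 address
    proto: str                    # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None   # destination port, if the protocol has one


@dataclass
class Rule:
    """One sub-rule of an ACL. "any" or None means "do not check this field"."""
    action: str                   # "permit" or "deny"
    src: str = "any"              # "any" or a CIDR prefix such as "10.0.0.0/8"
    dst: str = "any"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if not _in_prefix(pkt.src, self.src):
            return False
        if not _in_prefix(pkt.dst, self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def _in_prefix(addr: str, prefix: str) -> bool:
    """True if addr lies inside prefix, or if the prefix is the wildcard "any"."""
    return prefix == "any" or ip_address(addr) in ip_network(prefix, strict=False)


@dataclass
class ACL:
    number: int
    rules: List[Rule] = field(default_factory=list)

    def __post_init__(self) -> None:
        # Numbered standard ACLs use the range 1 to 99 (from the manual's table).
        if not 1 <= self.number <= 99:
            raise ValueError("numbered standard ACL must be in the range 1 to 99")

    def rule(self, action: str, **fields) -> "ACL":
        """Append one sub-rule; repeated calls build the ordered rule list."""
        self.rules.append(Rule(action, **fields))
        return self

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, index of the matching sub-rule); first match wins.

        A packet that matches nothing gets ("deny", None): the implicit deny
        at the end of the list, an assumption of this model."""
        for idx, r in enumerate(self.rules):
            if r.matches(pkt):
                return r.action, idx
        return "deny", None


def build_example_acl() -> ACL:
    """Constructed sample: block Telnet from 10.0.0.0/8, allow the rest of 10.0.0.0/8."""
    return (ACL(10)
            .rule("deny", src="10.0.0.0/8", proto="tcp", dport=23)
            .rule("permit", src="10.0.0.0/8"))


def build_reversed_acl() -> ACL:
    """Same two sub-rules in the opposite order; the broad permit now shadows the deny."""
    return (ACL(11)
            .rule("permit", src="10.0.0.0/8")
            .rule("deny", src="10.0.0.0/8", proto="tcp", dport=23))


if __name__ == "__main__":
    telnet = Packet("10.1.2.3", "172.16.0.5", "tcp", 23)
    http = Packet("10.1.2.3", "172.16.0.5", "tcp", 80)
    outside = Packet("192.168.1.1", "172.16.0.5", "tcp", 80)
    for acl in (build_example_acl(), build_reversed_acl()):
        for pkt in (telnet, http, outside):
            print(f"ACL {acl.number}: {pkt.src} {pkt.proto}/{pkt.dport} -> {acl.evaluate(pkt)}")
```

The two sample ACLs contain the same sub-rules; only the order differs. In ACL 10 the specific deny is reached first and Telnet from 10.0.0.0/8 is dropped, while in ACL 11 the broad permit matches first and the deny is never consulted. When auditing an ACL, check for exactly this kind of shadowed sub-rule.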
Configuring ACL
The ACL configuration tasks include:
Defining an ACL
Applying an ACL to an Interface
You are recommended to perform the configuration tasks in this order: first define the ACL, then apply it to an
interface.
Defining an ACL
The switch supports several types of ACLs, which are described in this section. Follow these steps to define an ACL:
1) Enter the corresponding ACL configuration mode.
2) Define the ACL sub-rules.
Note:
The ACL takes effect immediately after it is activated.
You can define multiple sub-rules for an ACL by using the rule command several times.
The switch does not support an explicit "deny any any" rule in egress IP ACLs or egress MAC ACLs.
Creating a Numbered Standard ACL
Beginning in privileged EXEC mode, follow these steps to create a numbered standard ACL:
Step      Command                          Purpose
Step 1    config terminal                  Enter global configuration mode.
Step 2a   access-list access-list-number   Enter the standard ACL configuration mode. The access-list-number is a
                                           decimal number from 1 to 99.