The current firmware only supports ingress ACL configuration.
19.1.3 Access-list Action and Global Default Action
Access-list actions and the global default action each take one of two values: “permit” or “deny”.
The following rules apply:
• An access-list can consist of several rules. Filtering compares each packet against the rules in order, from the first rule until the first rule that matches; the remaining rules are not processed.
• Global default action applies only to IP packets in the incoming direction on the ports. For non-incoming IP packets and all outgoing packets, the default forward action is “permit”.
• Global default action applies only when packet filter is enabled on a port and no ACL is bound to that port, or no binding ACL matches.
• When an access-list is bound to the outgoing direction of a port, the action in the rule can only be “deny”.
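The first-match and default-action rules above, modelled as an added Python example (not code from the manual or the switch firmware). The rule notation, function names and sample ACL are constructed; treating a port with the packet filter disabled as permit-all is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    source: str  # source network in CIDR form (model notation, not switch CLI syntax)

def check_acl(rules, direction):
    """Enforce the stated constraint: a rule bound to the outgoing direction can only deny."""
    for r in rules:
        if r.action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {r.action}")
        if direction == "out" and r.action != "deny":
            raise ValueError("outgoing ACL rules can only be 'deny'")

def decide(src_ip, direction, rules, default_action, filter_enabled=True):
    """Return (action, reason) for one IP packet on one port."""
    if not filter_enabled:
        return "permit", "packet filter disabled"  # assumption: no filtering at all
    check_acl(rules or [], direction)
    addr = ipaddress.ip_address(src_ip)
    for i, r in enumerate(rules or []):
        if addr in ipaddress.ip_network(r.source):
            return r.action, f"rule {i}"  # first match wins; later rules are skipped
    if direction == "in":
        return default_action, "global default"  # no ACL bound, or nothing matched
    return "permit", "outgoing default"

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    nets = [ipaddress.ip_network(r.source) for r in rules]
    return [j for j in range(len(nets))
            if any(nets[j].subnet_of(nets[i]) for i in range(j))]

# Constructed sample ACL: the host deny sits after a wider permit, so it never fires.
ACL = [Rule("permit", "10.1.0.0/16"),
       Rule("deny", "10.1.5.9/32"),
       Rule("deny", "192.168.0.0/24")]

if __name__ == "__main__":
    print(decide("10.1.5.9", "in", ACL, "deny"))    # matched by rule 0, not the host deny
    print(decide("172.16.0.1", "in", ACL, "deny"))  # falls through to the global default
    print("shadowed rule indexes:", shadowed(ACL))
```

Running `shadowed()` over an ACL before binding it flags entries that the first-match order makes unreachable, such as a host deny placed after a permit for its whole subnet.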
19.2 ACL Configuration
19.2.1 ACL Configuration Task Sequence
1. Configuring access-list
(1) Configuring a numbered standard IP access-list
(2) Configuring a numbered extended IP access-list
(3) Configuring a standard IP access-list based on nomenclature
    a) Create a standard IP access-list based on nomenclature
    b) Specify multiple “permit” or “deny” rule entries
    c) Exit ACL Configuration Mode
(4) Configuring an extended IP access-list based on nomenclature
    a) Create an extended IP access-list based on nomenclature
    b) Specify multiple “permit” or “deny” rule entries
    c) Exit ACL Configuration Mode
(5) Configuring a numbered standard MAC access-list
(6) Configuring a numbered extended MAC access-list
(7) Configuring a standard MAC access-list based on nomenclature