
CHAPTER 22: ACL CONFIGURATION GUIDE
Complete Configuration

    #
    acl number 2000
     rule 1 deny source 10.1.1.1 0
    #
    interface Ethernet1/0/1

    #

    #

Precautions

■ If a packet matches multiple ACL rules at the same time and some actions of the rules conflict, the last assigned rule takes effect.
■ When applying multiple rules, apply them in ascending order of their mask ranges, and apply rules with the same mask range at the same time. This ensures that the rules actually operate as required.
■ Some functions and protocols configured on the device may occupy ACL rule resources. The actual occupation varies with functions and protocols.

Configuring Advanced ACLs

Advanced ACLs filter packets based on Layer 3 and Layer 4 header information such as the source and destination IP addresses, type of the protocols carried by IP,
The numbers of advanced ACLs range from 3000 to 3999.

Network Diagram

Figure 59 Network diagram for advanced ACL configuration
[Diagram labels: Switch (ports Eth1/0/1 and Eth1/0/2), The R&D department, Wage query server 192.168.1.2, To the router]

Networking and Configuration Requirements

Different departments of an enterprise are interconnected through a switch (assuming that the switch is a Switch 5500). The IP address of the wage query server is 192.168.1.2. The R&D department is connected to Ethernet 1/0/1 of the switch. Apply an advanced ACL on the interface to deny access requests that are sourced from the R&D department and destined for the wage server during working hours (8:00 to 18:00).
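
The requirement above can be checked against a small model before it is committed to the switch. The following Python sketch is an added example, not part of the original guide or the switch software. It assumes the rule matches any source (the ACL is bound inbound on Ethernet 1/0/1), that the time window is half-open and time-of-day only, and that unmatched packets are permitted; all names in it are hypothetical.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import IPv4Address
from typing import Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones: every address


def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care


@dataclass
class Rule:
    action: str                              # "permit" or "deny"
    src: Tuple[str, str]                     # (address, wildcard)
    dst: Tuple[str, str]                     # (address, wildcard)
    hours: Optional[Tuple[str, str]] = None  # ("HH:MM", "HH:MM"), None = always

    def matches(self, src, dst, now):
        if self.hours is not None:
            start, end = (time.fromisoformat(h) for h in self.hours)
            # Assumption: the window includes 08:00 and excludes 18:00.
            if not start <= time.fromisoformat(now) < end:
                return False                 # rule inactive outside its range
        return wildcard_match(src, *self.src) and wildcard_match(dst, *self.dst)


def filter_packet(rules, src, dst, now, default="permit"):
    """Return the action of the first matching rule, else the default.

    Assumption: packets that match no rule are permitted.
    """
    for rule in rules:
        if rule.matches(src, dst, now):
            return rule.action
    return default


# Constructed model of the requirement: deny anything arriving on Eth1/0/1
# that is destined for the wage query server between 08:00 and 18:00.
WAGE_SERVER = ("192.168.1.2", "0.0.0.0")     # wildcard 0: exactly this host
INBOUND_ETH1_0_1 = [Rule("deny", ANY, WAGE_SERVER, ("08:00", "18:00"))]
```

The wildcard `0` in `rule 1 deny source 10.1.1.1 0` follows the same semantics as `WAGE_SERVER` here: every bit of the address must match, so the rule covers a single host.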

Applicable Products

Product series | Software version | Hardware version
Switch 5500 | Release V03.02.04 | All versions