EES4710BD 10 Slots L2/L3/L4 Chassis Switch
Command mode: Admin Mode
Usage Guide:
Example:
Switch#show firewall
Firewall Status: Enable.
Firewall Default Rule: Permit.
Displayed information             Explanation
Firewall Status: Enable.          Enables packet filtering function
Firewall Default Rule: Permit.    The default action for packet filtering is “permit”
12.4.2 ACL Troubleshooting Help
• Entries in an ACL are checked in top-down order, and checking ends as soon as an entry is matched.
• The default rule is used only if no ACL is bound to the specific direction of the port, or no ACL entry is matched.
• Applies to IP packets incoming on all ports, and has no effect on other types of packets.
• One port can be bound to only one incoming ACL.
• The number of ACLs that can be successfully bound depends on the content of the ACLs bound and the hardware resource limit. Users will be prompted if an ACL cannot be bound due to hardware resource limitations.
• If an access list contains the same filtering information but conflicting action rules, binding to the port will fail with an error message. For instance, configuring “permit tcp any-source any-destination” and “deny tcp any-source any-destination” at the same time is not permitted.
• Viruses such as “worm.blaster” can be blocked by configuring an ACL to block certain ICMP packets.
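The evaluation order, default-rule fallback and conflicting-entry check described above can be modeled offline to predict what a rule set will do before it is bound. The following Python sketch is an added example, not the switch's own code; the Entry, bind and evaluate names, the sample addresses, and the simplification that two entries conflict only when protocol, source and destination are identical are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Entry:                      # hypothetical model of one ACL entry
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp", or "ip" for any IP protocol
    src: str = "0.0.0.0/0"        # any-source
    dst: str = "0.0.0.0/0"        # any-destination

    def key(self):
        # The "filtering information" of the entry, without its action.
        return (self.proto, ip_network(self.src), ip_network(self.dst))

    def matches(self, proto, src, dst):
        return (self.proto in ("ip", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

def bind(acl):
    """Refuse an ACL holding the same filtering information with conflicting actions."""
    seen = {}
    for entry in acl:
        if seen.setdefault(entry.key(), entry.action) != entry.action:
            raise ValueError(f"conflicting actions for {entry.key()}")
    return list(acl)

def evaluate(bound_acl, default_rule, proto, src, dst):
    """Top-down, first match wins; the default rule applies if no ACL is bound
    or no entry matches."""
    for entry in bound_acl or []:
        if entry.matches(proto, src, dst):
            return entry.action
    return default_rule

# Constructed sample ACL: the narrow deny must precede the broad permit.
SAMPLE_ACL = bind([
    Entry("deny", "tcp", src="10.1.5.0/24"),
    Entry("permit", "tcp", src="10.1.0.0/16"),
    Entry("deny", "icmp"),
])
# Same entries with the first two swapped: the deny is now shadowed.
SHADOWED_ACL = bind([SAMPLE_ACL[1], SAMPLE_ACL[0], SAMPLE_ACL[2]])

if __name__ == "__main__":
    for acl in (SAMPLE_ACL, SHADOWED_ACL, None):
        print(evaluate(acl, "permit", "tcp", "10.1.5.9", "192.0.2.1"))
```

Running the same packet through both orderings shows why a deny placed below a broader permit never takes effect, which is the most common cause of an ACL that appears to be ignored.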
12.5 WEB MANAGEMENT
Clicking the ACL configuration icon opens the ACL sub-sections, which include the following parts:
• Numeric ACL Configuration – Standard and Extended types
• ACL Name Configuration – Standard and Extended types
• Filter Configuration – enable global configuration and the default action to bind ACL to the ports