RackSwitch G8000 Application Guide

Understanding ACL priority

Each ACL has a unique priority, based on its number. The higher the ACL number, the higher the priority, so ACL 1 has the lowest priority.

The priority is used to decide which ACL rule to apply when a packet matches one or more ACLs. When an incoming packet matches the highest priority ACL, the ACL’s configured action takes place. The other assigned ACLs are considered in numeric order, from highest to lowest.

In the following example, the switch considers ACL 1003 before ACL 1001 because ACL 1003 has a higher priority. The order in which the ACLs are assigned to a port does not affect their priority.

Port 1 access group:

ACL IP Extended 1001: TCP, port number = 80, action = permit
ACL IP Extended 1002: TCP, port number = 23, action = deny
ACL IP Extended 1003: TCP, port number = less than 100, action = permit

IP ACLs have precedence over MAC ACLs.
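The precedence rule above, worked through in code. This is an added example, not code from the guide or the switch firmware: it models an access group as a list of ACLs, picks the highest-numbered match (IP before MAC, read here as "a matching IP ACL is decisive"), and includes a small audit that flags deny rules shadowed by a higher-numbered permit, such as ACL 1002's Telnet deny losing to ACL 1003's "less than 100" permit. The packet fields and the tcp_dport helper are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed model of the rule this page describes: among the ACLs assigned to
# a port, the highest-numbered matching ACL decides; IP ACLs outrank MAC ACLs.
Packet = Dict[str, object]

@dataclass(frozen=True)
class Acl:
    number: int                        # the ACL number doubles as its priority
    kind: str                          # "ip" or "mac"
    action: str                        # "permit" or "deny"
    matches: Callable[[Packet], bool]  # predicate over packet fields

def tcp_dport(pred: Callable[[int], bool]) -> Callable[[Packet], bool]:
    """Matcher for an IP Extended ACL that filters TCP by destination port."""
    return lambda pkt: pkt.get("proto") == "tcp" and pred(int(pkt["dport"]))

# The page's port 1 access group; assignment order does not affect priority.
PORT1_ACCESS_GROUP: List[Acl] = [
    Acl(1001, "ip", "permit", tcp_dport(lambda p: p == 80)),
    Acl(1002, "ip", "deny",   tcp_dport(lambda p: p == 23)),
    Acl(1003, "ip", "permit", tcp_dport(lambda p: p < 100)),
]

def resolve(acls: List[Acl], pkt: Packet) -> Optional[Acl]:
    """Return the ACL whose action applies to pkt, or None if none matches."""
    for kind in ("ip", "mac"):  # IP ACLs take precedence over MAC ACLs
        hits = [a for a in acls if a.kind == kind and a.matches(pkt)]
        if hits:
            return max(hits, key=lambda a: a.number)  # highest number wins
    return None

def shadowed_denies(acls: List[Acl], probes: List[Packet]) -> List[Tuple[int, int]]:
    """Audit helper: (deny ACL, winning permit ACL) pairs where a probe packet
    matches a deny rule that loses to a higher-numbered permit of the same kind."""
    found = []
    for pkt in probes:
        win = resolve(acls, pkt)
        if win is None or win.action != "permit":
            continue
        for a in acls:
            if (a.kind == win.kind and a.action == "deny"
                    and a.number < win.number and a.matches(pkt)):
                found.append((a.number, win.number))
    return sorted(set(found))
```

Probing the group with a TCP port 23 packet returns ACL 1003 (permit), and the audit reports (1002, 1003): the deny for Telnet never takes effect while the broader, higher-numbered permit is assigned to the same port.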

Assigning ACLs to a port

Once you configure an ACL, you must assign the ACL to a port. Each port can accept up to 127 ACLs. Note that higher priority ACLs are considered first, and their action takes precedence over lower-priority ACLs.

When you assign an ACL to a port, you must specify the filtering direction for traffic on the port by including one of the following parameters:

- in: ingress traffic
- out: egress traffic

98 - Chapter 6: Quality of Service

BMD00041, November 2008
