Understanding ACL Priority, Assigning ACLs to a Port, Table 13: Well-Known Application Ports – Juniper Networks EX2500 User Manual

Using ACL Filters

Chapter 5: Quality of Service

Understanding ACL Priority

Each ACL has a unique priority value, based on its number. The lower the ACL
number, the higher the priority, so ACL 1 has the highest priority. The priority value
is used to decide which ACL rule to apply when a packet matches one or more
ACLs. When an incoming packet matches the highest-priority ACL, that ACL’s
configured action takes place. The other assigned ACLs are considered in numeric
order, from lowest to highest.

In the following example, the switch considers ACL 128 before ACL 130 because
ACL 128 has a higher priority. The order in which the ACLs are assigned to a port
does not affect their priority.

Port 1 access group

ACL IP Extended 128:
TCP
Port number = 80
Action = permit

ACL IP Extended 129:
TCP
Port number = 23
Action = deny

ACL IP Extended 130:
TCP
Port number = less than 100
Action = permit
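
The evaluation order described above, modeled as an added example (not code from the manual or the switch; `Acl`, `evaluate` and `shadowed` are hypothetical names). It goes beyond the page's case with a constructed misnumbered group, to show how a broad permit with a lower number makes a specific deny a dead rule.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class Acl:
    number: int                         # lower number = higher priority
    protocol: str
    port_match: Callable[[int], bool]   # predicate on the packet's port number
    action: str                         # "permit" or "deny"

# The three ACLs from the manual's example, listed in a scrambled
# assignment order to show that assignment order has no effect.
PORT1_GROUP = [
    Acl(130, "tcp", lambda p: p < 100, "permit"),
    Acl(128, "tcp", lambda p: p == 80, "permit"),
    Acl(129, "tcp", lambda p: p == 23, "deny"),
]

# Constructed misconfiguration (not from the manual): the broad permit is
# given a lower number than the Telnet deny, so it outranks it.
MISNUMBERED_GROUP = [
    Acl(127, "tcp", lambda p: p < 100, "permit"),
    Acl(129, "tcp", lambda p: p == 23, "deny"),
]

def evaluate(group: List[Acl], protocol: str, port: int) -> Optional[Tuple[int, str]]:
    """Return (ACL number, action) of the highest-priority matching ACL.

    None means no assigned ACL matched; what the switch does in that case
    is not covered on this page and is not modeled here.
    """
    for acl in sorted(group, key=lambda a: a.number):
        if acl.protocol == protocol and acl.port_match(port):
            return acl.number, acl.action
    return None

def shadowed(group: List[Acl]) -> List[int]:
    """ACL numbers that never decide any port because a higher-priority
    ACL always matches first (an audit check for dead rules)."""
    deciding = set()
    for protocol in {acl.protocol for acl in group}:
        for port in range(65536):
            hit = evaluate(group, protocol, port)
            if hit is not None:
                deciding.add(hit[0])
    return sorted(a.number for a in group if a.number not in deciding)

if __name__ == "__main__":
    for port in (80, 23, 22, 443):
        print(port, evaluate(PORT1_GROUP, "tcp", port))
    print("shadowed:", shadowed(PORT1_GROUP), shadowed(MISNUMBERED_GROUP))
```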

Assigning ACLs to a Port

Once you configure an ACL, you must assign the ACL to a port. Each port can
accept multiple ACLs. Note that higher-priority ACLs are considered first, and their
action takes precedence over lower-priority ACLs.

Table 13: Well-Known Application Ports

Number   TCP/UDP Application    Number   TCP/UDP Application    Number       TCP/UDP Application
20       ftp-data               79       finger                 179          bgp
21       ftp                    80       http                   194          irc
22       ssh                    109      pop2                   220          imap3
23       telnet                 110      pop3                   389          ldap
25       smtp                   111      sunrpc                 443          https
37       time                   119      nntp                   520          rip
42       name                   123      ntp                    554          rtsp
43       whois                  143      imap                   1645, 1812   RADIUS
53       domain                 144      news                   1813         RADIUS accounting
69       tftp                   161      snmp                   1985         hsrp
70       gopher                 162      snmptrap
