Understanding acl priority, Assigning acls to a port – Blade ICE G8000 User Manual


RackSwitch G8000 Application Guide

Chapter 6: Quality of Service

BMD00041, November 2008

Understanding ACL priority

Each ACL has a unique priority, based on its number. The higher the ACL number, the higher
the priority, so ACL 1 has the lowest priority.

The priority is used to decide which ACL rule to apply when a packet matches one or more
ACLs. When an incoming packet matches the highest priority ACL, the ACL’s configured
action takes place. The other assigned ACLs are considered in numeric order, from highest to
lowest.

In the following example, the switch considers ACL 1003 before ACL 1001
because ACL 1003 has a higher priority. The order in which the ACLs are assigned to a port
does not affect their priority.

IP ACLs have precedence over MAC ACLs.

Assigning ACLs to a port

Once you configure an ACL, you must assign the ACL to a port. Each port can accept up to
127 ACLs. Note that higher priority ACLs are considered first, and their action takes
precedence over lower-priority ACLs.

When you assign an ACL to a port, you must specify the filtering direction for traffic on the
port by including one of the following parameters:

- in: ingress traffic
- out: egress traffic

Port 1 access group

ACL IP Extended 1001:
TCP
Port number = 80
Action = permit

ACL IP Extended 1002:
TCP
Port number = 23
Action = deny

ACL IP Extended 1003:
TCP
Port number = less than 100
Action = permit
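The priority rule applied to the Port 1 access group above, as an added Python example (not from the guide or the switch software). It assumes the first matching ACL in descending numeric order decides the packet and reads "less than 100" as ports 0-99; the names `Acl`, `decide` and `shadowed` are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:  # hypothetical model, not the switch's data structure
    number: int     # higher number = higher priority (per the guide)
    protocol: str
    ports: range    # port values the ACL matches
    action: str     # "permit" or "deny"

# Constructed from the "Port 1 access group" figure; listed out of order on
# purpose, since assignment order does not affect priority.
PORT1 = [
    Acl(1001, "tcp", range(80, 81), "permit"),
    Acl(1003, "tcp", range(0, 100), "permit"),  # "less than 100"
    Acl(1002, "tcp", range(23, 24), "deny"),
]

def by_priority(acls):
    return sorted(acls, key=lambda a: a.number, reverse=True)

def decide(acls, protocol, port):
    """Assumed first-match: return the highest-numbered matching ACL, else None."""
    for acl in by_priority(acls):
        if acl.protocol == protocol and port in acl.ports:
            return acl
    return None

def shadowed(acls):
    """Return (hidden, hiding, actions_differ) for each ACL whose whole match
    set is already covered by one higher-priority ACL."""
    ordered, found = by_priority(acls), []
    for i, low in enumerate(ordered):
        for high in ordered[:i]:
            if (low.protocol == high.protocol and low.ports
                    and high.ports.start <= low.ports.start
                    and low.ports.stop <= high.ports.stop):
                found.append((low.number, high.number, low.action != high.action))
                break
    return found

if __name__ == "__main__":
    for port in (23, 80, 443):
        hit = decide(PORT1, "tcp", port)
        print(port, f"ACL {hit.number}: {hit.action}" if hit else "no ACL matched")
    for low, high, differ in shadowed(PORT1):
        print(f"ACL {low} is never reached (covered by ACL {high})",
              "- action differs" if differ else "")
```

Under this model the deny in ACL 1002 never takes effect for TCP port 23, because ACL 1003 is considered first and permits the packet; a deny that must win needs a higher ACL number than any overlapping permit.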
