3 show firewall, 4 show time-range, 2 acl troubleshooting – Amer Networks SS2R48G4i V2 User Manual
Page 154
SS2R24G4i/SS2R48G4i
143
Parameters <name>,
Interface name
Default
None
Command Mode
Admin mode
Displayed information
Explanation
interface name Ethernet0/0/2
Tying situation on port Ethernet0/0/2
IP Ingress access-list used is
111
No. 111 numeric expansion ACL tied to entrance
of port Ethernet0/0/2
interface name Ethernet0/0/1
Tying situation on port Ethernet0/0/1
IP Ingress access-list used is
10
No. 10 standard expansion ACL tied to entrance
of port Ethernet0/0/1
15.5.1.3 show firewall
Command show firewall
Functions
Reveal configuration information of packet filtering functions
Parameters
None
Default
None
Command Mode
Admin mode
Displayed information
Explanation
fire wall is enable
Packet filtering function enabled
the default action of firewall is permit Default packet filtering function is permit
15.5.1.4 show time-range
Command show time-range<word>
Functions
Reveal configuration information of time range functions
Parameters word
assign name of time-range needed to be revealed
Default
None
15.5.2 ACL Troubleshooting
&
The check of list entris in ACL is a top-down behavior, once one entry is mached, the check will be
finished immediately;
&
Only when there is no ACL binded or no ACL entry mached on the special direction of the port, the
default rules will be used;
&
Each port ingress can bind one MAC-IP ACL or one IP ACL or one MAC ACL;
&
Each port egress can bind one MAC-IP ACL or one IP ACL or one MAC ACL
&
When two sets of ACL are binded to the ingress and egress simultaneously, the priority of the
egress rules is higher than that of ingress rules; in the same set of ACL, the earlier the rule is
configurated, the higher its priority is;
&
When one ACL is binded to egress direction of the port, it can only include deny list entries;
&
Only the interfaces on the MASTER switch can support the binding of ACL;