DELL N3000 User Manual
628
Configuring Access Control Lists
ACL Configuration Examples
This section contains the following examples:
• "Basic Rules" on page 628
• "Internal System ACLs" on page 629
• "Complete ACL Example" on page 629
• "Advanced Examples" on page 633
• "Policy Based Routing Examples" on page 640
• "Internal System ACLs" on page 629
• "Complete ACL Example" on page 629
• "Advanced Examples" on page 633
• "Policy Based Routing Examples" on page 640
Basic Rules
• Inbound rule allowing all packets:
permit every
Administrators should be cautious when using the permit every rule in an
access list, especially when using multiple access lists. All packets match a
permit every rule and no further processing is done on the packet. This
means that a
permit every match in an access list will skip processing
subsequent rules in the current or subsequent access-lists and allow all
packets not previously denied by a prior rule.
• Inbound rule to drop all packets:
As the last rule in a list, this rule is redundant as an implicit "deny every" is
added after the end of the last access-group configured on an interface.
deny every
Administrators should be cautious when using the deny every rule in an
access list, especially when using multiple access lists. When a packet
matches a rule, no further processing is done on the packet. This means
that a
deny every match in an access list will skip processing subsequent
rules in the current or subsequent access-lists and drop all packets not
previously allowed by a prior rule.
• Inbound rule allowing access FROM hosts with IP addresses ranging from
10.0.46.0 to 10.0.47.254:
NOTE:
None of these ACL rules are applicable to the OOB interface.