Setting a time range – LevelOne GTL-2691 User Manual
Page 352
CHAPTER 13 | Security Measures
Access Control Lists
◆ If no matches are found down to the end of the list, the traffic is
denied. For this reason, frequently hit entries should be placed at the
top of the list. There is an implied deny for traffic that is not explicitly
permitted. Also, note that a single-entry ACL with only one deny entry
has the effect of denying all traffic. You should therefore use at least
one permit statement in an ACL or all traffic will be blocked.
Because the switch stops testing after the first match, the order of the
conditions is critical. If no conditions match, the packet will be denied.
The order in which active ACLs are checked is as follows:
1. User-defined rules in IP and MAC ACLs for ingress ports are checked in
parallel.
2. Rules within an ACL are checked in the configured order, from top to
bottom.
3. If the result of checking an IP ACL is to permit a packet, but the result
of a MAC ACL on the same packet is to deny it, the packet will be
denied (because the decision to deny a packet has a higher priority for
security reasons). A packet will also be denied if the IP ACL denies it
and the MAC ACL accepts it.
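The following Python sketch is an added illustration, not part of the LevelOne manual or the switch software. It models the evaluation order described above (first match wins, implied deny, deny has priority across IP and MAC ACLs); the rule tuples, function names, and sample addresses are assumptions constructed for the example.

```python
# Added illustration: a simplified model of the evaluation rules described
# above, not the switch's firmware logic. The rule format is an assumption.
from ipaddress import ip_address, ip_network

PERMIT, DENY = "permit", "deny"

def check_acl(rules, value, matches):
    """Return the action of the first matching rule; implied deny otherwise."""
    for action, pattern in rules:          # configured order, top to bottom
        if matches(pattern, value):
            return action                  # testing stops at the first match
    return DENY                            # implied deny at the end of the list

def ip_match(pattern, addr):
    return pattern == "any" or ip_address(addr) in ip_network(pattern)

def mac_match(pattern, mac):
    return pattern == "any" or pattern.lower() == mac.lower()

def ingress_decision(ip_acl, mac_acl, src_ip, src_mac):
    """Both ACL types are checked; a deny from either one wins."""
    ip_result = check_acl(ip_acl, src_ip, ip_match)
    mac_result = check_acl(mac_acl, src_mac, mac_match)
    return PERMIT if ip_result == mac_result == PERMIT else DENY

# Constructed sample ACLs (documentation-range addresses, not real hosts).
IP_ACL = [
    (DENY, "192.0.2.66/32"),     # specific deny must precede the wider permit
    (PERMIT, "192.0.2.0/24"),
]
IP_ACL_MISORDERED = [IP_ACL[1], IP_ACL[0]]   # the deny entry is now shadowed
DENY_ONLY = [(DENY, "192.0.2.66/32")]         # no permit entry at all
MAC_ACL = [
    (DENY, "00:00:5e:00:53:01"),
    (PERMIT, "any"),
]

if __name__ == "__main__":
    for ip, mac in [("192.0.2.10", "00:00:5e:00:53:02"),
                    ("192.0.2.66", "00:00:5e:00:53:02"),
                    ("192.0.2.10", "00:00:5e:00:53:01"),
                    ("198.51.100.1", "00:00:5e:00:53:02")]:
        print(ip, mac, ingress_decision(IP_ACL, MAC_ACL, ip, mac))
```

In this model, `IP_ACL_MISORDERED` lets 192.0.2.66 through because the wider permit matches first, and `DENY_ONLY` blocks every source because nothing is ever explicitly permitted.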
SETTING A TIME RANGE
Use the Security > ACL (Configure Time Range) page to set a time range
during which ACL functions are applied.
CLI REFERENCES
◆
PARAMETERS
These parameters are displayed:
Add
◆ Time-Range Name – Name of a time range. (Range: 1-30 characters)
Add Rule
◆ Time-Range – Name of a time range.
◆ Mode
■ Absolute – Specifies a specific time or time range.
■ Start/End – Specifies the hours, minutes, month, day, and year
at which to start or end.
■ Periodic – Specifies a periodic interval.
■ Start/To – Specifies the days of the week, hours, and minutes
at which to start or end.