Guidelines – Allied Telesis AT-FS970M Series User Manual

Chapter 20: Access Control Lists (ACL)

Guidelines

Here are the ACL guidelines:

An ACL can have a permit, deny, or copy-to-mirror action. The permit
action allows ports to forward ingress packets of the designated traffic
flow, while the deny action causes ports to discard packets. The
copy-to-mirror action causes a port to copy all ingress packets that
match the ACL to the destination port for mirroring.

A port can have more than one ACL.

An ACL can be assigned to more than one port.

ACLs filter ingress packets on ports, but they do not filter egress
packets. As a result, you must apply ACLs to the ingress ports of the
designated traffic flows.

ACLs for static port trunks or LACP trunks must be assigned to the
individual ports of the trunks.

A port that has more than one ACL checks the ingress packets in the
order in which the ACLs are added and forwards or discards packets
at the first match. The order matters when applying ACLs to a port.

An ACL can have multiple filtering criteria. For example, an ACL can
filter on a specific source IP address and UDP port number.

Because ports, by default, forward all ingress packets, permit ACLs
are only required in circumstances where you want ports to forward
packets that are subsets of larger packet flows that are blocked by
deny ACLs.
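
The first-match and default-forward guidelines above can be checked with a small model. This is an added example, not code or configuration from the manual: the Acl class, the ingress_decision function and the addresses are constructed for illustration, and the copy-to-mirror action is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Acl:
    """Hypothetical model of one ACL: an action plus filtering criteria."""
    action: str                     # "permit" or "deny"
    src: str                        # source IP network in CIDR form
    udp_port: Optional[int] = None  # None means any UDP port

    def matches(self, pkt: dict) -> bool:
        # All criteria in the ACL must match (source IP and, if set, UDP port).
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        return self.udp_port is None or pkt.get("udp_port") == self.udp_port

def ingress_decision(port_acls: list, pkt: dict) -> str:
    """Check ACLs in the order they were added; the first match decides."""
    for acl in port_acls:
        if acl.matches(pkt):
            return "forward" if acl.action == "permit" else "discard"
    # No ACL matched: ports forward all ingress packets by default.
    return "forward"

# Constructed policy: block 10.1.0.0/16 except DNS (UDP 53) from one host.
PERMIT_SUBSET = Acl("permit", "10.1.5.20/32", udp_port=53)
DENY_FLOW = Acl("deny", "10.1.0.0/16")

# Constructed sample packets.
DNS_FROM_HOST = {"src": "10.1.5.20", "udp_port": 53}
OTHER_FROM_HOST = {"src": "10.1.5.20", "udp_port": 161}
UNRELATED = {"src": "192.168.1.1", "udp_port": 53}

def compare_orders(pkt: dict) -> tuple:
    """Return the decision with the permit added first, then with the deny first."""
    return (ingress_decision([PERMIT_SUBSET, DENY_FLOW], pkt),
            ingress_decision([DENY_FLOW, PERMIT_SUBSET], pkt))

if __name__ == "__main__":
    for name, pkt in [("dns", DNS_FROM_HOST), ("other", OTHER_FROM_HOST),
                      ("unrelated", UNRELATED)]:
        print(name, compare_orders(pkt))
```

With the deny ACL added first, the permit ACL is never reached for the host's DNS traffic, which is why the narrower permit must be added to the port before the broader deny.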