beautypg.com

Acl filter sequence numbers, Acl filter sequence number behavior, Acl filter sequence number applicability – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 838: Acl filter sequence numbers” on

background image

Access Control Lists Introduction

Software Reference for x310 Series Switches

33.14

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

ACL Filter Sequence Numbers

To help you manage ACLs you can apply sequence numbers to filters. This allows you to
remove filters from named and numbered ACLs without having to reconfigure an ACL.

The ability to add sequence numbers to filters simplifies updates through the ability to
position a filter within an ACL. When you add a new filter, you can specify a sequence
number to position the filter in the ACL and you can also remove a current filter in an ACL
by specifying a sequence number.

ACL Filter Sequence Number Behavior

If filters with no sequence numbers are applied then the first filter is assigned a
sequence number of 10, and successive filters are incremented by 10. Sequence
numbers are generated automatically if they are not specified at entry.

The maximum filter sequence number is 65535. If the sequence number exceeds this
maximum, the command will not be recognized and will show the error message:
% Unrecognized command

If you enter a filter without a sequence number it is assigned a sequence number that
is 10 greater than the last sequence number and is placed at the end of the ACL.

If you enter a filter that matches an already existing filter then the first filter is
overwritten with the subsequent filter.

ACL sequence numbers determine the order of execution of filters in an ACL. Filters in
a ACL with a lower value sequence number are executed before filters with a higher
value.

Output from

show running-config

displays ACL entries without filter sequence

numbers. Output from relevant show commands displays ACL entries with their
sequence numbers.

ACL sequence numbers are re-numbered upon switch restart following a

reload

command, or after powering off and powering on the switch. ACL sequence numbers
are renumbered starting from 10 and increment by 10 for each filter. See the sample
output in the configuration section that follows for an illustration of this behavior. No
ACL sequence number re-number command is available to perform this action.

The ACL sequence number feature works with numbered and named standard and
extended IPv4 and IPv6 access lists, plus named hardware IPv4 and IPv6 access lists

The name of an access list can be designated as a number. Number in named ACLs
must not exist within the range of designated numbered ACLs. (where <1-99> and
<1300-1999> are standard numbered ACLs, <100-199> and <2000-2699> are
extended numbered ACLs, <3000-3699> and <4000-4699> are hardware numbered
ACLs).

ACL Filter Sequence Number Applicability

The ACL sequence number support feature is available with numbered and named
standard and extended IPv4 and IPv6 ACLs, and the named hardware IPv4 and IPv6 ACLs.

Numbered standard ACLs are available in the range <1-99> and <1300-1999>, which
permit or deny source addresses to control packets coming from network devices or hosts,
in software.

See also other documents in the category Allied Telesis Computer hardware: