3 show firewall, 4 show time-range, 2 acl troubleshooting – Amer Networks SS2R48G4i V2 User Manual

SS2R24G4i/SS2R48G4i

143

Parameters ,

Interface name

Default

None

Command Mode

Admin mode

Displayed information

Explanation

interface name Ethernet0/0/2

Tying situation on port Ethernet0/0/2

IP Ingress access-list used is
111

No. 111 numeric expansion ACL tied to entrance
of port Ethernet0/0/2

interface name Ethernet0/0/1

Tying situation on port Ethernet0/0/1

IP Ingress access-list used is
10

No. 10 standard expansion ACL tied to entrance
of port Ethernet0/0/1

15.5.1.3 show firewall

Command show firewall

Functions

Reveal configuration information of packet filtering functions

Parameters

None

Default

None

Command Mode

Admin mode

Displayed information

Explanation

fire wall is enable

Packet filtering function enabled

the default action of firewall is permit Default packet filtering function is permit

15.5.1.4 show time-range

Command show time-range

Functions

Reveal configuration information of time range functions

Parameters word

assign name of time-range needed to be revealed

Default

None

15.5.2 ACL Troubleshooting

&

The check of list entris in ACL is a top-down behavior, once one entry is mached, the check will be

finished immediately;

&

Only when there is no ACL binded or no ACL entry mached on the special direction of the port, the

default rules will be used;

&

Each port ingress can bind one MAC-IP ACL or one IP ACL or one MAC ACL;

&

Each port egress can bind one MAC-IP ACL or one IP ACL or one MAC ACL

&

When two sets of ACL are binded to the ingress and egress simultaneously, the priority of the

egress rules is higher than that of ingress rules; in the same set of ACL, the earlier the rule is
configurated, the higher its priority is;

&

When one ACL is binded to egress direction of the port, it can only include deny list entries;

&

Only the interfaces on the MASTER switch can support the binding of ACL;