D-Link DGS-6600-48TS Configuration Guide - Page 416
Applying Access Control Lists to Interfaces, checked without any time constraints.
View all D-Link DGS-6600-48TS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 416 highlights
Volume 8-Security & Authentication / Chapter 38-Access Control Lists (ACL) Configuration Overview • The Order in Evaluating Criteria Statements When an access list with multiple criteria statements is applied to a port, the device will test each packet against each criteria statement in the order that the criteria statements are located. After a criteria statement is matched, an action is taken based on the matched statement and no more criteria statements are checked. That is, prior criteria statements get a higher precedence for being checked. The ordering of a statement can be explicitly defined or automatically assigned. To manually control the ordering, the user can define the statement with a priority number. A smaller priority number means a higher precedence. If the user does not specify the priority number when entering a criteria statement, a priority number will be automatically assigned. • Associating a Time Range with a Criteria Statement The user can also associate a criteria statement with a time range profile. If a criteria statement is associated with a time range profile, the statement will only be checked for the periods defined by the profile. If a time range is not specified, the criteria statement will be checked without any time constraints. 3) Applying Access Control Lists to Interfaces The user can apply up to one MAC access control list, one IP access control list and one IPv6 access control list to an interface. If both a MAC access control list and an IP access control list are applied, the device will check the MAC access control list for the packet first. If the packet matches the criteria statement in the MAC access control list and is permitted, the device will proceed and check if the packet matches an IP ACL entry if the packet is an IPv4 packet or a IPv6 ACL entry if the packet is an IPv6 packet. If a deny statement is matched, the packet is dropped without any further ACL checking. DGS-6600 Configuration Guide 416