db-user (Aspirant)
Aug 08, 2017
Execution order when binding multiple IP ACL tables
Model : GS108T managed switch
From your excellent manual, I understand that there is an implicit "Deny All" ACL rule at the end of an IP ACL table.
When binding multiple IP ACL tables (say, ACL ID 1 and ACL ID 2) to one or more ports, executed in that order, is it correct that if an ACL rule condition is met in ACL ID 1, ACL ID 2 is not executed?
And if ACL ID 2 is executed, there is no implicit Deny All ACL rule at the end of ACL 1?
And finally, if no ACL rule condition is met in ACL 2, the implicit Deny All is then executed?
Many thanks in advance.
- Hopchen (Prodigy)
Hi,
I assume you are making two different ACL tables? One table called: "ACL ID1" and one called "ACL ID2"? Or are you referring to two ACL rules, inside the same table?
Assuming that you are talking about two different tables and how to bind those to a single port:
1. You need to bind the first table and give that sequence number: 1. Then bind the second table to the same port, but bind with sequence number: 2. What this will do is read all the ACLs in table 1 and then continue on to the rules in table 2 - as if they were one big table.
2. If you want several ACL tables to be executed, one after the other, then you only put a "Permit All" at the bottom of the last ACL table.
3. If no condition is met in the last ACL table ("ACL ID2" in your case), then the implicit "Deny All" will be executed. Hence why you should set the "Permit All" as the last rule of the last table in the sequence.
I hope this helped. Cheers
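A small Python model of the evaluation order described in the reply above, added here as an illustration (it is not NETGEAR firmware code and not from either poster). It assumes standard first-match ACL semantics; the `Rule` fields, addresses, table contents and function names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"

@dataclass
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form; ANY matches every address
    dst: str      # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(bindings, src_ip, dst_ip):
    """bindings: (sequence_number, table_name, rules) tuples bound to one port.
    Tables are walked in sequence order as one big table; the first matching
    rule decides (assumed first-match semantics)."""
    for _seq, name, rules in sorted(bindings, key=lambda b: b[0]):
        for idx, rule in enumerate(rules, start=1):
            if rule.matches(src_ip, dst_ip):
                return rule.action, f"{name} rule {idx}"
    # Only reached after the LAST table in the sequence has no match.
    return "deny", "implicit deny all"

def shadowed_tables(bindings):
    """Tables that can never be reached because an earlier table in the
    sequence contains a match-all rule (for example a misplaced Permit All)."""
    shadowed, blocked = [], False
    for _seq, name, rules in sorted(bindings, key=lambda b: b[0]):
        if blocked:
            shadowed.append(name)
        if any(r.src == ANY and r.dst == ANY for r in rules):
            blocked = True
    return shadowed

# Constructed sample tables, bound out of order on purpose.
ACL1 = [Rule("deny", "192.168.10.0/24", ANY)]
ACL2 = [Rule("permit", "192.168.20.0/24", ANY)]
BINDINGS = [(2, "ACL ID 2", ACL2), (1, "ACL ID 1", ACL1)]

# Misconfiguration: Permit All at the bottom of the first table.
BAD_BINDINGS = [(1, "ACL ID 1", ACL1 + [Rule("permit", ANY, ANY)]),
                (2, "ACL ID 2", ACL2)]

if __name__ == "__main__":
    for ip in ("192.168.10.5", "192.168.20.5", "192.168.30.5"):
        print(ip, evaluate(BINDINGS, ip, "10.0.0.1"))
    print("unreachable:", shadowed_tables(BAD_BINDINGS))
```

The third address matches nothing in either table and falls through to the implicit deny; `shadowed_tables` flags the case where a match-all rule in an earlier table makes every later table dead configuration.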