
Execution order when binding multiple IP ACL tables

db-user
Aspirant

Model: GS108T managed switch

From your excellent manual, I understand that there is an implicit "Deny All" ACL rule at the end of an IP ACL table.

When binding multiple IP ACL tables (say, ACL ID 1 and ACL ID 2) to one or more ports, executed in that order, is it correct that if an ACL rule condition is met in ACL ID 1, ACL ID 2 is not executed?

And if ACL ID 2 is executed, there is no implicit Deny All ACL rule at the end of ACL 1?

And finally, if no ACL rule condition is met in ACL 2, the implicit Deny All is then executed?

Many thanks in advance.

Message 1 of 4

Accepted Solutions
Hopchen
Prodigy

Re: Execution order when binding multiple IP ACL tables

Hi,

I assume you are making two different ACL tables? One table called "ACL ID1" and one called "ACL ID2"? Or are you referring to two ACL rules inside the same table?

Assuming that you are talking about two different tables and how to bind those to a single port:

1. You need to bind the first table and give that sequence number 1. Then bind the second table to the same port, but bind with sequence number 2. What this will do is read all the ACLs in table 1 and then continue on to the rules in table 2 - as if they were one big table.

2. If you want several ACL tables to be executed, one after the other, then you only put a "Permit All" at the bottom of the last ACL table.

3. If no condition is met in the last ACL table ("ACL ID2" in your case), then the implicit "Deny All" will be executed. Hence why you should set the "Permit All" as the last rule of the last table in the sequence.

I hope this helped. Cheers

Message 2 of 4
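As an added illustration (not from this thread, and not the switch's firmware), here is a small Python model of the evaluation order Hopchen describes: tables bound to one port are read in sequence-number order as one big table, the first matching rule wins, and the implicit Deny All applies only after the last table. The rule fields, table contents and packets are constructed for the example; the second binding list shows why a "Permit All" at the bottom of the first table would shadow everything in the second.

```python
from ipaddress import ip_address, ip_network

DENY, PERMIT = "deny", "permit"

def rule(action, src="0.0.0.0/0", dst="0.0.0.0/0", proto=None, dport=None):
    """One ACL entry; a field left unspecified matches anything."""
    return {"action": action, "src": ip_network(src), "dst": ip_network(dst),
            "proto": proto, "dport": dport}

def matches(r, pkt):
    return (ip_address(pkt["src"]) in r["src"]
            and ip_address(pkt["dst"]) in r["dst"]
            and r["proto"] in (None, pkt["proto"])
            and r["dport"] in (None, pkt.get("dport")))

def evaluate(bindings, pkt):
    """bindings: list of (sequence_number, table_name, rules) bound to one port.
    Tables are walked in sequence order as if they were a single table; the
    first matching rule decides, and only if nothing matches in the LAST
    table does the implicit Deny All fire."""
    for _, name, rules in sorted(bindings, key=lambda b: b[0]):
        for idx, r in enumerate(rules, start=1):
            if matches(r, pkt):
                return r["action"], f"{name} rule {idx}"
    return DENY, "implicit deny all"

# Constructed tables: ID 1 blocks telnet and allows DNS to the local resolver;
# ID 2 blocks the client LAN from the server range and ends with Permit All.
ACL1 = [rule(DENY, proto="tcp", dport=23),
        rule(PERMIT, dst="10.0.0.53/32", proto="udp", dport=53)]
ACL2 = [rule(DENY, src="192.168.1.0/24", dst="10.0.0.0/8"),
        rule(PERMIT)]  # Permit All: last rule of the last table only

# Correct binding: sequence 1 -> ACL ID 1, sequence 2 -> ACL ID 2.
GOOD_BINDINGS = [(1, "ACL ID 1", ACL1), (2, "ACL ID 2", ACL2)]
# Misplaced Permit All at the bottom of table 1: table 2 is never reached.
SHADOWED_BINDINGS = [(1, "ACL ID 1", ACL1 + [rule(PERMIT)]), (2, "ACL ID 2", ACL2)]
# Only table 1 bound, with no Permit All anywhere: implicit deny for the rest.
LONE_BINDING = [(1, "ACL ID 1", ACL1)]

TELNET = {"src": "192.168.1.10", "dst": "10.0.0.5", "proto": "tcp", "dport": 23}
DNS = {"src": "192.168.1.10", "dst": "10.0.0.53", "proto": "udp", "dport": 53}
HTTPS_LAN = {"src": "192.168.1.10", "dst": "10.0.0.5", "proto": "tcp", "dport": 443}
HTTPS_OUT = {"src": "192.168.1.10", "dst": "203.0.113.9", "proto": "tcp", "dport": 443}

if __name__ == "__main__":
    for label, pkt in [("telnet", TELNET), ("dns", DNS), ("https-lan", HTTPS_LAN), ("https-out", HTTPS_OUT)]:
        print(label, evaluate(GOOD_BINDINGS, pkt), evaluate(SHADOWED_BINDINGS, pkt), evaluate(LONE_BINDING, pkt))
```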

All Replies
db-user
Aspirant

Re: Execution order when binding multiple IP ACL tables

Many thanks.

 

I did some homework and think I now understand the reason for the Permit All.

Message 3 of 4
Hopchen
Prodigy

Re: Execution order when binding multiple IP ACL tables

No problem 🙂

Message 4 of 4