Intel 480T Switch User Manual


 
Intel® NetStructure 480T Routing Switch User Guide
Physical source port
Precedence number (optional)
How IP Access Lists Work
For each access list entry, you can either permit the packet to be
forwarded, or deny the packet (in which case, it is dropped). When
you create a permit access list condition, you can optionally specify
a QoS profile.
The QoS profile informs the 480T routing switch which bandwidth management and priority to use when transmitting the packet.
When a packet arrives on an ingress port, the packet is compared
with the access list rules to determine a match. When a match is
found, the packet is processed.
If the access list is of type deny, the packet is dropped. If the list is
of type permit, the packet is forwarded. A permit access list can also
apply a QoS profile to the packet.
Precedence Numbers
The precedence number is optional, and determines the order in
which each rule is examined by the 480T routing switch. Access list
entries that contain a precedence number are evaluated from highest
to lowest precedence.
You can specify overlapping rules; however, if you are using
precedence numbers, overlapping rules without precedence
numbers are ignored. Therefore, precedence numbers must be
specified among all overlapping rules.
If a new rule without a precedence number is entered, and it
overlaps existing rules, the switch rejects the new rule and resolves
the precedences among all remaining overlapping rules.
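The matching and precedence behavior described above, modelled as a small Python simulation. This is an added example, not code from the Intel manual or the switch firmware; the rule names, addresses and QoS profile name are constructed, and it assumes that a smaller precedence number means higher precedence, which this page does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "permit" or "deny"
    src: str                          # CIDR; "0.0.0.0/0" is the wildcard
    dst: str
    precedence: Optional[int] = None  # optional, as in the manual
    qos: Optional[str] = None         # QoS profile, permit rules only

def overlaps(a: Rule, b: Rule) -> bool:
    """Two rules overlap if some packet could match both."""
    net = ipaddress.ip_network
    return net(a.src).overlaps(net(b.src)) and net(a.dst).overlaps(net(b.dst))

class AccessList:
    def __init__(self):
        self.rules = []

    def add(self, rule: Rule) -> None:
        # A new rule without a precedence number that overlaps existing rules is rejected.
        if rule.precedence is None and any(overlaps(rule, r) for r in self.rules):
            raise ValueError(f"{rule.name}: overlapping rule needs a precedence number")
        self.rules.append(rule)

    def evaluate(self, src: str, dst: str):
        """Return (action, qos, rule name) for the first match, else None."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Un-numbered rules that overlap another rule are ignored.
        active = [r for r in self.rules if r.precedence is not None
                  or not any(overlaps(r, o) for o in self.rules if o is not r)]
        # ASSUMPTION: smaller number = higher precedence (not stated on the page).
        active.sort(key=lambda r: (r.precedence is None, r.precedence or 0))
        for r in active:
            if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
                return (r.action, r.qos if r.action == "permit" else None, r.name)
        return None  # nothing matched: the default rule decides

# Constructed sample rules (names, addresses and profile name are made up).
acl = AccessList()
acl.add(Rule("permit-lan", "permit", "10.1.1.0/24", "0.0.0.0/0", 20, "profile-a"))
acl.add(Rule("deny-host", "deny", "10.1.1.5/32", "0.0.0.0/0", 10))
```

With these two overlapping rules, the host-specific deny only takes effect because it carries the higher precedence; swapping the two numbers would let the subnet-wide permit shadow it.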
Specifying a Default Rule
To begin constructing an access list, you should specify a default
rule. A default rule contains wildcards for destination and source IP
address, with no Layer 4 information.
A default rule determines whether the behavior of the access list is
an implicit deny or implicit accept. If no access list entry is satisfied,
the default rule is used to determine whether the packet is forwarded