How are packets processed when an ACL is used for each feature on an AR


When an ACL is applied to FTP, the system can forward packets matching the permit rule through FTP, but cannot forward packets that match the deny rule or do not match any ACL rule through FTP.
When an ACL is applied to Telnet, the system can forward packets matching the permit rule through Telnet, but cannot forward packets that match the deny rule or do not match any ACL rule through Telnet.
When an ACL is applied to NAT, the system applies NAT to packets matching the permit rule, does not apply NAT to packets matching the deny rule, and forwards the packets that do not match any ACL rule.
When an ACL is applied to a traffic policy, the system processes packets matching the permit rule based on the traffic policy, discards packets matching the deny rule, and directly forwards the packets that do not match any ACL rule.
When an ACL is applied to packet filtering, the system forwards packets matching the permit rule, discards packets matching the deny rule, and applies the default rule to the packets that do not match any ACL rule.
When an ACL is applied to port mapping, the system mirrors packets matching the permit rule, and does not mirror packets that match the deny rule or do not match any ACL rule.
When an ACL is applied to the session log function, the system records logs about the packets matching the permit rule, and does not record logs about the packets that match the deny rule or do not match any ACL rule.
When an ACL is applied to a blacklist, the system discards packets matching the permit or deny rule, and forwards the packets that do not match any ACL rule.
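
The handling listed above differs most for deny and no-match packets, so the same ACL can be safe under one feature and wrong under another. The following added example (not Huawei code) models six of the features so one ACL can be checked against each; the feature keys, the rule tuple layout, first-match evaluation in ascending rule-ID order and the sample ACL are assumptions made for illustration.

```python
import ipaddress

# (permit, deny, no-match) outcome per feature, transcribed from the list above.
# The dictionary keys are labels chosen for this example, not CLI keywords.
OUTCOMES = {
    "telnet":         ("forward via Telnet", "refuse", "refuse"),
    "nat":            ("apply NAT", "no NAT", "forward"),
    "traffic-policy": ("apply policy", "discard", "forward"),
    "packet-filter":  ("forward", "discard", "default rule"),
    "session-log":    ("log", "no log", "no log"),
    "blacklist":      ("discard", "discard", "forward"),
}

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_result(rules, src):
    """Return 'permit', 'deny' or None (no rule matched).

    Assumption: rules are tried in ascending rule-ID order, first match wins.
    """
    for _rule_id, action, base, wildcard in sorted(rules):
        if wildcard_match(src, base, wildcard):
            return action
    return None

def disposition(feature, rules, src):
    """What the given feature does with a packet from src under this ACL."""
    permit, deny, unmatched = OUTCOMES[feature]
    return {"permit": permit, "deny": deny, None: unmatched}[acl_result(rules, src)]

# Constructed sample ACL: deny one host, permit the rest of its /24.
SAMPLE_ACL = [
    (5, "deny", "10.1.1.66", "0.0.0.0"),
    (10, "permit", "10.1.1.0", "0.0.0.255"),
]

if __name__ == "__main__":
    for src in ("10.1.1.7", "10.1.1.66", "192.0.2.9"):
        for feature in OUTCOMES:
            print(f"{src:<11} {feature:<15} {disposition(feature, SAMPLE_ACL, src)}")
```

Reusing this ACL for a blacklist discards both the permitted subnet and the denied host, while an address outside the ACL is forwarded; under Telnet the same outside address is refused.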

Other related questions:
How does an S series switch process packets when Layer 2 multicast references an ACL
In Layer 2 multicast, three functions need to reference the ACL. After an ACL is referenced, packets are processed based on ACL rules. If no rule is configured, packets are processed as follows:
- IGMP snooping group policy: In V200R001 and earlier versions, the default rule is permit. In V200R002 and later versions, if default-permit is not configured, the default rule is deny; if default-permit is configured, the default rule is permit.
- IGMP snooping prompt leave: In V200R001 and earlier versions, the default rule is permit. In V200R002 and later versions, if default-permit is not configured, the default rule is deny; if default-permit is configured, the default rule is permit.
- IGMP snooping SSM policy: The default rule is deny.

How are PPPoE packets and common data packets processed when the load balancing algorithm is used
When the load balancing algorithm is used, only the Layer 2 header in PPPoE packets is used in calculation. For PPPoE packets, use the load balancing algorithm based on source or destination MAC addresses.

Layer 2 transparent transmission on S series switch
Layer 2 transparent transmission mechanism on S series switches, except S1700: PEs replace the standard multicast destination MAC address of user-side Layer 2 protocol packets with a specified multicast MAC address according to the mappings between multicast destination MAC addresses and Layer 2 protocols. Internal nodes on the backbone network forward the packets across the backbone network as common Layer 2 packets. The egress device of the backbone network restores the original destination MAC address of the packets according to the mappings between multicast destination MAC addresses and Layer 2 protocols, and then forwards the packets to user networks. After the destination MAC address in a user-side packet is replaced, the packet traverses the backbone network, but will not be terminated. The new MAC address in the packet is configured by the l2protocol-tunnel group-mac command.

S series switches can transparently transmit the following packets:
1. Spanning Tree Protocol (STP)
2. Link Aggregation Control Protocol (LACP)
3. Ethernet Operation, Administration, and Maintenance 802.3ah (EOAM3ah)
4. Link Layer Discovery Protocol (LLDP)
5. Generic VLAN Registration Protocol (GVRP)
6. Generic Multicast Registration Protocol (GMRP)
7. HUAWEI Group Management Protocol (HGMP)
8. VLAN Trunking Protocol (VTP)
9. Unidirectional Link Detection (UDLD)
10. Port Aggregation Protocol (PAGP)
11. Cisco Discovery Protocol (CDP)
12. Per VLAN Spanning Tree Plus (PVST+)
13. Shared Spanning Tree Protocol (SSTP), only supported by fixed switches
14. Dynamic Trunking Protocol (DTP)
15. Device Link Detection Protocol (DLDP)
16. User-defined protocol packets
