Why do ACLs sometimes not take effect?


The device delivers access control lists (ACLs) to MAC-based users only after the IP addresses are learned.

Other related questions:
Why can Layer 2 ACLs not take effect on the AR1200 series?
Fixed local area network (LAN) interfaces on the AR1200 series do not support Layer 2 access control lists (ACLs).

Why doesn't ACL delivery take effect sometimes?
For users who access a router based on MAC addresses, the router does not deliver an ACL until the router learns the IP addresses of the users.

Why doesn't the Layer 2 ACL on the AR1220 series take effect sometimes?
On AR1200 series, the Layer 2 ACL does not apply to the Layer 2 traffic between the eight fixed LAN interfaces.

Mechanism for ACL rules on S series switches to take effect
ACL rules on S series switches take effect in one of two modes. In the first mode, an ACL is bound to a traffic policy and delivered to the hardware of the LPU. The second mode relates to software processing, for example when an ACL prevents users from logging in through Telnet. After being sent to the CPU, packets are processed in the sequence that is specified during the configuration of the ACL. Rules in an ACL can be matched according to the depth-first principle or the configuration order.

Why an ACL does not take effect after a deny action is defined in the ACL
When an ACL is referenced in a traffic policy and the ACL is matched: when the software version is a later version of V100R005, the deny action takes effect as long as the deny action is defined in the traffic behavior or the ACL. If the packets match the ACL and the software version is a later version of V100R005, the packets may match a rule with a higher priority whose action is not deny.
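
The two answers above (configuration order versus depth-first matching, and a deny that never fires because a higher-priority rule matches first) can be checked offline against a rule list. This is an added example, not vendor code: the rule IDs and prefixes are constructed, configuration order is assumed to mean ascending rule ID, and depth-first is modelled in simplified form as "narrowest source range first".

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                      # "permit" or "deny"
    source: ipaddress.IPv4Network    # source range the rule matches

def ordered(rules, mode):
    """Return rules in evaluation order for the given match mode."""
    if mode == "config":
        # Assumption: configuration order == ascending rule ID.
        return sorted(rules, key=lambda r: r.rule_id)
    if mode == "depth-first":
        # Simplified model: narrowest source range first, rule ID breaks ties.
        return sorted(rules, key=lambda r: (-r.source.prefixlen, r.rule_id))
    raise ValueError(f"unknown match mode: {mode}")

def first_match(rules, src, mode):
    """Return the first rule matching source address src, or None."""
    addr = ipaddress.ip_address(src)
    for rule in ordered(rules, mode):
        if addr in rule.source:
            return rule
    return None

def shadowed(rules, mode):
    """List (rule_id, shadowing_rule_id) for rules that can never be reached."""
    out, seen = [], []
    for rule in ordered(rules, mode):
        for earlier in seen:
            # An earlier rule covering the whole range always matches first.
            if rule.source.subnet_of(earlier.source):
                out.append((rule.rule_id, earlier.rule_id))
                break
        seen.append(rule)
    return out

# Constructed sample ACL: a broad permit configured before a narrow deny.
RULES = [
    Rule(5, "permit", ipaddress.ip_network("10.1.0.0/16")),
    Rule(10, "deny", ipaddress.ip_network("10.1.1.0/24")),
]

if __name__ == "__main__":
    for mode in ("config", "depth-first"):
        hit = first_match(RULES, "10.1.1.7", mode)
        print(mode, "-> rule", hit.rule_id, hit.action, "| shadowed:", shadowed(RULES, mode))
```

In configuration order the deny in rule 10 is never reached for 10.1.1.7 because rule 5 matches first; in the depth-first model the narrower deny is evaluated first.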
