Why an ACL does not take effect after a deny action is defined in the ACL


When an ACL is referenced in a traffic policy and the ACL is matched:
When the software version is a later version of V100R005, the deny action takes effect as long as it is defined in either the traffic behavior or the ACL.
If the packets match the ACL,
When the software version is a later version of V100R005, the packets may match a higher-priority rule whose action is not deny.

Other related questions:
Why do ACLs sometimes not take effect?
The device delivers access control lists (ACLs) to MAC-based users only after the IP addresses are learned.

Why doesn't ACL delivery take effect sometimes?
For users who access a router based on MAC addresses, the router does not deliver an ACL until the router learns the IP addresses of the users.

Can an ACL rule match a time range that does not exist? Does the ACL take effect?
When an ACL rule is configured to match time-range time-name, the configuration takes effect regardless of whether the time-range time-name command has been configured. If the time range named in the rule has not been configured, the device treats the ACL rule as invalid and the time range as inactive. After the time-range time-name command is configured and the time range is in the active state, the ACL rule automatically updates its status to valid.

Why doesn't the Layer 2 ACL on AR1220 series take effect sometimes?
On the AR1200 series, a Layer 2 ACL does not apply to Layer 2 traffic between the eight fixed LAN interfaces.
