Do CE series switches support reflective ACLs


CE series switches do not support reflective ACLs.

Other related questions:
Whether the USG2000&5000&6000 support reflective ACLs
The USG6650 and USG5120 do not support reflective ACLs for now.

Whether S series switches support reflective ACLs
Only the S series modular switches (except S1700 switches), for example, the S7700, S9700, S12700, and S9300 switches, support reflective ACLs.

Reflective ACL configuration on S series switch
On an S series switch (except the S1700), a reflective ACL is a type of dynamic ACL. It controls user access according to the upper-layer session information in IP packets, so that hosts on the public network cannot connect to the private network unless users on the private network connect to the public network first. In this way, the reflective ACL protects the private network of an enterprise against attacks from unauthorized external users.

For example, GE2/0/1 on a switch connects to the Internet. The reflective ACL is configured on GE2/0/1 in the outbound direction to prevent the server on the Internet from accessing hosts on the internal network unless the internal hosts access the server first. The configurations are as follows:

[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule permit udp
[HUAWEI-acl-adv-3000] quit
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] traffic-reflect outbound acl 3000 timeout 600  //Configure reflective ACL on GE2/0/1 to match UDP packets and set the aging time.
[HUAWEI-GigabitEthernet2/0/1] quit
[HUAWEI] traffic-reflect timeout 900  //Set the global aging time for reflective ACL.

Run the display traffic-reflect command in the system view to view the reflective ACL information.
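The behaviour described above can be pictured as a state table of mirrored flows with an aging timer. The following Python model is an added illustration, not Huawei code or the switch's actual implementation; the class and function names, the sample addresses, and the assumption that each matching outbound packet restarts the aging timer are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflectiveAclModel:
    """Toy state table; aging restarts on each matching outbound packet (assumption)."""

    def __init__(self, matched_protos=("udp",), timeout=600):
        self.matched_protos = set(matched_protos)  # acl 3000: rule permit udp
        self.timeout = timeout                     # seconds, as in "timeout 600"
        self.entries = {}                          # mirrored 5-tuple -> expiry time

    def outbound(self, pkt, now):
        """Internal host -> Internet: a packet matching the ACL installs a mirrored entry."""
        if pkt.proto in self.matched_protos:
            mirrored = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.entries[mirrored] = now + self.timeout

    def inbound_allowed(self, pkt, now):
        """Internet -> internal host: allowed only while a mirrored entry is alive."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.entries.get(key)
        if expiry is None:
            return False
        if now >= expiry:  # aged out: remove the entry and drop the packet
            del self.entries[key]
            return False
        return True

def demo():
    # Constructed sample addresses (RFC 1918 / RFC 5737 ranges), not from the page.
    acl = ReflectiveAclModel(timeout=600)
    query = Packet("udp", "192.168.1.10", 40000, "203.0.113.5", 53)
    reply = Packet("udp", "203.0.113.5", 53, "192.168.1.10", 40000)
    other = Packet("udp", "203.0.113.5", 5353, "192.168.1.10", 40000)
    results = [acl.inbound_allowed(reply, now=0)]        # unsolicited: dropped
    acl.outbound(query, now=10)                          # internal host talks first
    results.append(acl.inbound_allowed(reply, now=20))   # matching reply: allowed
    results.append(acl.inbound_allowed(other, now=20))   # other source port: dropped
    results.append(acl.inbound_allowed(reply, now=610))  # entry aged out: dropped
    return results

if __name__ == "__main__":
    print(demo())
```

The last case shows why the aging time matters when tuning the timeout value: a reply that arrives after the entry has expired is treated like any other unsolicited inbound packet.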

Do WLAN devices support reflective ACLs
ACs and APs do not support reflective ACLs.
