The destination IP address cannot be found after an ACL rule is configured on the AC

6

The possible cause is that the wildcard of the destination IP address is set to 255.255.255.255, causing the ACL rule to match all packets.

Other related questions:
The user cannot be found on the AC after the user has gone online and obtained an IP address
If a user cannot be found on the AC after having gone online and obtained an IP address, check whether Portal authentication is configured on the AC. If yes, user information is displayed on the AC only after the user is authenticated successfully.

What is the matching order of an ACL on a WLAN device
If ACL rules repeat or conflict, the matching order decides the packet matching result. WLAN devices support two ACL matching orders: the configuration order (config) and the automatic order (auto). Configuration order The system matches packets against ACL rules in ascending order of rule IDs. That is, the rule with the smallest ID is processed first. If a smaller rule ID is manually specified for a rule, the rule is inserted in one of the front lines of an ACL and processed earlier. If no ID is manually specified for a rule, the system allocates an ID to the rule. The rule ID is greater than the largest rule ID in the ACL and is the minimum multiple of the step; therefore, this rule is processed last. Automatic order The system arranges rules according to precision degree of the rules (depth priority), and matches packets against the rules in descending order of precision. A rule with the highest precision defines strictest conditions, and has the highest priority. The system matches packets against this rule first.

An ACL with no rule is configured. What is the status of the ACL that is referenced by the firewall
The ACL status is deny, that is, the ACL rejects packets.

ACL based on source MAC addresses and destination IP addresses on S series switches
S series switches (except S1700 switches) do not support ACL based on source MAC addresses and destination IP addresses. If only the source MAC address and destination MAC address need to be specified, you can configure a Layer 2 ACL whose number ranges from 4000 to 4999. If only the source IP address and destination IP address need to be specified, you can configure an advanced ACL whose number ranges from 3000 to 3999.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top