Configuring an ACL


Overview

An ACL (Access Control List) is a set of packet filtering rules that define match conditions such as source addresses, destination addresses, and interfaces. The switch permits or denies packets according to the action configured in the ACL rules.

By accurately identifying and controlling packets, an ACL can manage network access behaviors, prevent network attacks, and improve bandwidth utilization, ensuring network security and service quality.

Procedure

Step 1 Set the sequence number (priority) of the rule.

set firewall filter <filter-name> sequence <sequence-number>

Step 2 Specify the source address and source port to filter matched packets.

set firewall filter <filter-name> sequence <sequence-number> from {source-address-ipv4 <address/prefix-length> | source-address-ipv6 <address/prefix-length> | source-mac-address <mac-address> | source-port <port-number>}

NOTES:

  • The ACL rule configuration has been updated: you must specify the protocol type (such as TCP or UDP) before configuring an L4 port (source-port or destination-port).

  • Use the command set firewall filter <filter-name> sequence <sequence-number> from protocol to specify the protocol type before configuring the L4 port.

Step 3 Specify the execution action for packets matching the filter.

set firewall filter <filter-name> sequence <sequence-number> then action {discard | forward}

Step 4 Specify the physical interface, VLAN interface, or routed interface on which the filter is applied to ingress (input) and egress (output) packets.

set firewall filter <filter-name> input {interface <interface-name> | vlan-interface <vlan-interface-name> | routed-interface <routed-interface-name>}

set firewall filter <filter-name> output {interface <interface-name> | vlan-interface <vlan-interface-name> | routed-interface <routed-interface-name>}

Step 5 Commit the configuration.

commit
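
The following pre-commit check is an added example, not Pica8 code. It lints a candidate command list against the procedure above: protocol set before any L4 port, an action in every sequence (Step 3), and every filter applied to an interface (Step 4). The filter names, addresses, ports, interface name, and the "from protocol udp" value form are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: names, addresses, ports and the interface are placeholders;
# "from protocol udp" assumes the protocol value directly follows the keyword.
SAMPLE = """\
set firewall filter edge-in sequence 10 from source-address-ipv4 192.0.2.0/24
set firewall filter edge-in sequence 10 from source-port 53
set firewall filter edge-in sequence 10 from protocol udp
set firewall filter edge-in sequence 10 then action discard
set firewall filter edge-in sequence 20 from protocol udp
set firewall filter edge-in sequence 20 from source-port 123
set firewall filter lab sequence 10 then action forward
set firewall filter edge-in input interface ge-1/1/1
"""

RULE = re.compile(r"set firewall filter (\S+) sequence (\d+) (from|then) (\S+)")
BIND = re.compile(r"set firewall filter (\S+) (input|output) ")
L4_PORTS = {"source-port", "destination-port"}

def lint(config):
    """Return sorted findings for a candidate ACL, checked before commit."""
    findings = set()
    rules = defaultdict(lambda: {"protocol": False, "action": False})
    filters, bound = set(), set()
    for line in config.splitlines():
        line = line.strip()
        if (m := BIND.match(line)):
            filters.add(m[1])
            bound.add(m[1])
        elif (m := RULE.match(line)):
            name, seq, kind, key = m.groups()
            filters.add(name)
            rule = rules[(name, int(seq))]
            if kind == "then" and key == "action":
                rule["action"] = True
            elif key == "protocol":
                rule["protocol"] = True
            elif key in L4_PORTS and not rule["protocol"]:
                # The NOTE requires the protocol type before any L4 port.
                findings.add(f"{name} seq {seq}: {key} set before protocol")
    for (name, seq), rule in rules.items():
        if not rule["action"]:
            findings.add(f"{name} seq {seq}: no action")
    for name in filters - bound:
        findings.add(f"{name}: not applied to any interface")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
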

Verifying the Configuration

After the configuration is completed, in configuration mode, use the run show filter <filter-name> [sequence <sequence-number>] command to view the matching conditions of the specified filter.

Other Configurations

To delete the configured filter, use the delete firewall filter <filter-name> command.

Copyright © 2025 Pica8 Inc. All Rights Reserved.