User Manual

Chapter 4 - Operation and Administration Using the CLI NPU Configuration
4Motion 215 System Manual
4.3.9 Configuring ACLs
ACLs are applied on traffic received from the DATA, MGMT or CSCD ports, and
destined towards the following virtual interfaces:
AUs
NPU
By default, all traffic destined towards the AUs or NPU is denied. To enable initial
access to the device, the factory default configuration includes a standard ACL
(ACL 1) with a pre-configured rule permitting unrestricted access to the
Local-Management interface. You can use the CLI to configure ACLs for permitting
or denying traffic destined towards the NPU or AUs.
You can create the following types of ACLs:
Standard: Allows you to filter traffic based on the source and destination IP
addresses.
Extended: Allows you to filter traffic based on the source and destination IP
addresses, source and destination ports, and protocol.
You can create the following types of rules for an ACL:
Permit: Indicates that traffic matching the filter criteria is allowed to reach the
NPU or AUs.
Deny: Indicates that traffic matching the filter criteria is dropped, and not
allowed to reach the NPU or AUs.
You can configure multiple rules for each ACL; the priority for these rules is
applied with respect to the sequence in which these rules are configured. After
Command
Modes
Global command mode
IMPORTANT
You can use extended ACL 199 to configure QoS classification rules for classifying traffic originating
from the NPU into different flows. For details, refer to “Configuring QoS Marking Rules” on page 196.
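The ACL behaviour described in section 4.3.9 (deny by default, standard and extended match criteria, rules applied in configured order) can be modelled offline to audit a planned rule set before it is entered on the device. The following Python sketch is an added example, not part of the manual and not the device's CLI or implementation. It assumes that the first matching rule decides the outcome, it omits source-port matching for brevity, and all names and addresses in it are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one ACL rule
    action: str                  # "permit" or "deny"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    proto: Optional[str] = None  # extended ACL only; None matches any
    dport: Optional[int] = None  # extended ACL only; None matches any

def matches(rule, pkt):
    return (ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and rule.proto in (None, pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def evaluate(acl, pkt):
    """Check rules in configured order; the first match decides (assumption)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"                # nothing matched: traffic is denied by default

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and earlier.proto in (None, later.proto)
            and earlier.dport in (None, later.dport))

def shadowed(acl):
    """Indexes of rules that can never take effect because an earlier rule covers them."""
    return [j for j, later in enumerate(acl)
            if any(covers(acl[i], later) for i in range(j))]

# Constructed sample: 192.0.2.1 stands in for the NPU management address.
BROAD_DENY = Rule("deny", "198.51.100.0/24", "192.0.2.1/32")
ADMIN_SSH = Rule("permit", "198.51.100.10/32", "192.0.2.1/32", "tcp", 22)
MISORDERED = [BROAD_DENY, ADMIN_SSH]   # the permit is unreachable
REORDERED = [ADMIN_SSH, BROAD_DENY]    # the specific permit comes first
ADMIN_PKT = {"src": "198.51.100.10", "dst": "192.0.2.1", "proto": "tcp", "dport": 22}
OTHER_PKT = {"src": "203.0.113.5", "dst": "192.0.2.1", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    print("misordered:", evaluate(MISORDERED, ADMIN_PKT), "shadowed:", shadowed(MISORDERED))
    print("reordered: ", evaluate(REORDERED, ADMIN_PKT), "shadowed:", shadowed(REORDERED))
```

A non-empty result from `shadowed` means that at least one rule is dead under the assumed ordering and the configured sequence should be reviewed before the ACL is applied.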