Using a Default ACL Rule

Using a Default ACL Rule

By default, the switch classifies packets by their layer 2 priority, if they do not match an ACL rule. However, you can set up a default ACL rule that the switch will apply to all packets that do not match any other ACL rules. This default ACL rule sets a default characteristic, other than the layer 2 priority, that the switch will use to classify the packets.

For example, if you set up the following ACL rules:

access-list List1 1 fwd2 10.10.60.0 0.0.0.255
access-list List1 2 fwd4 10.10.70.0 0.0.0.255
access-list List1 3 permit use-priority 4 10.10.80.0 0.0.0.255
access-list List1 4 permit use-priority 6 10.10.90.0 0.0.0.255
access-list List1 5 fwd1 10.10.100.0 0.0.0.255
access-list List1 6 fwd4 10.10.110.0 0.0.0.255
access-list List1 7 fwd7 10.10.120.0 0.0.0.255
access-list List1 8 fwd8 10.10.130.0 0.0.0.255
access-list List1 512 permit use-priority 6 any (default ACL rule)

All packets that have a source IP address in the 10.10.60 subnet are assigned a priority of 1(fwdx is 1 based, but priorities are 0 based.) All packets that have a source IP address in the 10.10.70 subnet are assigned a priority of 3, and so on. Any packets whose source IP addresses do not match the IP addresses in ACL rules one through eight, are assigned a priority of 6.

For information on how to set up a default ACL rule, see "Setting Up a Default ACL Rule" later in this chapter.