D-Link DES-7200 Refrigerator User Manual


DES-7200 Configuration Guide, Chapter 1: Access Control List Configuration
1.11 Configuring SVI Router ACLs
1.11.1 Understanding SVI Router ACLs
An ACL applied to a layer 3 interface is called a Router ACL, and it applies only to
packets routed at layer 3. On DES-7200 layer 3 switches, however, an ACL applied to an
SVI also applies to intra-VLAN bridge-forwarded packets as well as inter-VLAN routed
packets, which results in abnormal communication between users on the VLAN.
To give an SVI ACL the behavior of a Router ACL, DES-7200 switches provide a command
that enables SVI Router ACLs. Once it is enabled, an ACL applied to an SVI applies only
to layer 3 packets forwarded between VLANs and does not apply to packets
bridge-forwarded within the VLAN.
1.11.2 Default Configuration
By default, SVI Router ACLs is disabled, so an SVI ACL applies to both inter-VLAN
layer 3 packets and intra-VLAN bridge-forwarded packets.
1.11.3 Enabling SVI Router ACLs
Command                                  Function
DES-7200# configure terminal             Enter the global configuration mode.
DES-7200# [no] svi router-acls enable    Enable/Disable the SVI Router ACLs.
1.12 Configuration Examples
1.12.1 Configuring Unidirectional TCP Connection
Configure TCP Flag filtering to enable unidirectional ACL.
1.12.1.1 Configuration Requirements
To protect network A, hosts in network A are allowed to initiate TCP connections to
hosts in network B, but hosts in network B are not allowed to initiate TCP connections
to hosts in network A.
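
The following Python model is an added example, not part of the DES-7200 manual. It shows how a stateless TCP flag filter can meet this requirement by dropping only connection requests (SYN set, ACK clear) sent from network B to network A. The addresses, the rule and the placement of the ACL on the interface facing network B are assumptions made for illustration.

```python
"""Model of a stateless TCP-flag filter that allows one-way connection setup.

Addresses and the rule are constructed for illustration; they are not
taken from the DES-7200 manual.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NET_A = ip_network("192.0.2.0/25")      # assumed addressing for network A
NET_B = ip_network("192.0.2.128/25")    # assumed addressing for network B

SYN, ACK = 0x02, 0x10                   # TCP header flag bits


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: int


def permitted(seg: Segment) -> bool:
    """Evaluate one packet against the ACL; no connection state is kept."""
    from_b_to_a = ip_address(seg.src) in NET_B and ip_address(seg.dst) in NET_A
    # A connection request is the only segment with SYN set and ACK clear.
    initial_syn = bool(seg.flags & SYN) and not seg.flags & ACK
    if from_b_to_a and initial_syn:
        return False          # deny: B may not originate connections to A
    return True               # permit: replies, data, teardown, and A -> B


def handshake(client: str, server: str) -> list[Segment]:
    """The three segments of a TCP three-way handshake."""
    return [
        Segment(client, server, SYN),
        Segment(server, client, SYN | ACK),
        Segment(client, server, ACK),
    ]


def connection_established(client: str, server: str) -> bool:
    """True only if every handshake segment passes the filter."""
    return all(permitted(s) for s in handshake(client, server))


HOST_A, HOST_B = "192.0.2.10", "192.0.2.200"   # constructed sample hosts

if __name__ == "__main__":
    print("A -> B:", connection_established(HOST_A, HOST_B))
    print("B -> A:", connection_established(HOST_B, HOST_A))
```

The SYN+ACK reply from B to A passes because ACK is set, which is what lets connections opened from network A complete. The filter keeps no state, so it judges each packet by its flags alone rather than by whether a matching connection exists.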