How to Create ACL Rules


Traffic that arrives at a router port is either accepted or blocked according to the rules contained in an Access Control List (ACL). Rules Permit or Deny traffic that matches the criteria defined by their parameters. A rule's parameters can define a specific source/destination or be set to Any, which matches every source/destination. Rules can apply to one or more protocols. The ACL is examined from top to bottom, and the first rule that matches the packet determines the fate of that packet (dropped or forwarded). If no rule matches, the packet is denied. To change this default behavior, add a rule that permits everything as the last rule in the ACL.

Individual rules within an ACL can be disabled by commenting the rule. Commenting suppresses enforcement of a rule. When a rule is commented, it appears as a gray icon in the ACL Editor.
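The following is an added example, not code from the ACL Manager help page or product: a small model of the evaluation order described above (top-to-bottom, first match wins, implicit deny, commented rules skipped). The rule fields, packet fields and sample ACL are constructed for illustration.

```python
# Added example: minimal first-match ACL evaluator. The Rule fields, packet
# dictionary layout and sample addresses below are constructed assumptions.
from dataclasses import dataclass

ANY = "any"  # the "Any" setting: matches every value of that field

@dataclass
class Rule:
    action: str              # "permit" or "deny"
    protocol: str            # e.g. "tcp", "udp", "icmp", or ANY
    src: str                 # source address or ANY
    dst: str                 # destination address or ANY
    commented: bool = False  # a commented rule is not enforced

    def matches(self, packet: dict) -> bool:
        # Every field must either be ANY or equal the packet's value
        return all(
            want == ANY or want == packet[field]
            for field, want in (("protocol", self.protocol),
                                ("src", self.src),
                                ("dst", self.dst))
        )

def evaluate(acl: list, packet: dict) -> str:
    """Walk the ACL top to bottom; the first matching, uncommented rule
    decides. With no match the packet is denied (the implicit deny)."""
    for rule in acl:
        if rule.commented:
            continue  # commenting suppresses enforcement of the rule
        if rule.matches(packet):
            return rule.action
    return "deny"

# Constructed sample ACL
ACL = [
    Rule("deny", "tcp", "10.0.0.5", ANY),              # block one host's TCP
    Rule("permit", "tcp", ANY, "192.168.1.10"),        # allow TCP to a server
    Rule("permit", "icmp", ANY, ANY, commented=True),  # disabled (gray icon)
]

if __name__ == "__main__":
    pkt = {"protocol": "udp", "src": "10.0.0.7", "dst": "192.168.1.10"}
    print(evaluate(ACL, pkt))  # deny: no rule matches UDP
    # Appending a permit-everything rule changes the default to permit
    print(evaluate(ACL + [Rule("permit", ANY, ANY, ANY)], pkt))  # permit
```

Note that the host blocked by the first rule stays blocked even though the second rule would permit its traffic to the server: rule order, not rule count, decides.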

Creating a Rule

ACL rules are created using the ACL Editor.

  1. In the ACL Manager tab, open the ACL Editor by clicking .
  2. In the left-panel tree, select the ACL where you would like to create the rule.
  3. In the right-panel Editor tab, click the New button.
  4. The Add to ACL window opens where you can create the new rule. The parameters/fields in this window will change according to the rule type selected. Refer to the Add to ACL help topic for information on the specific fields.
  5. Click OK. The window closes and the rule appears in the left-panel tree.

Modifying a Rule

You can modify a rule's parameters using the ACL Editor.

  1. In the ACL Manager tab, open the ACL Editor by clicking .
  2. In the left-panel tree, select the rule that you would like to modify.
  3. In the right-panel Editor tab, click the Edit button.
  4. The Edit ACL window opens where you can modify the rule. The parameters/fields in this window will change according to the rule type selected. Refer to the Add to ACL help topic for information on the specific fields.
  5. Click OK.

Commenting and Uncommenting a Rule

Rules can be disabled or enabled by commenting or uncommenting the line in the ACL that defines the rule.

  1. In the ACL Manager tab, open the ACL Editor by clicking .
  2. In the left-panel tree, select the rule that you would like to comment out or uncomment.
  3. Right-click on the rule and select Comment Out (disable) or Uncomment (enable).

Deleting a Rule

You can delete a rule using the ACL Editor.

  1. In the ACL Manager tab, open the ACL Editor by clicking .
  2. In the left-panel tree, select the rule that you would like to delete.
  3. Right-click on the rule and select Delete. The rule is deleted from the left-panel tree.
