No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FAQ-Can the Source and Destination IP Addresses and Port Number Be Specified in a Reflective ACL

Publication Date:  2019-04-19 Views:  175 Downloads:  0

Issue Description

Device model: S12700
Software version: V200R010
Issue description: Does reflective ACL support the configuration of the source address, destination address, and port number?


After reflective ACL is configured, the request packets initiated by Internet users cannot enter the internal network, so they cannot access intranet users.

When an intranet user sends a request message to a user on the Internet, the device generates a reflective ACL entry based on the source IP address, destination IP address, and port number in the packet. Then the packets sent from the Internet can enter the internal network.

The following figure shows the processing after the source address, destination address, and port number are configured in an ACL.


Advanced ACL 3333, 1 rule
Acl's step is 5
 rule 5 permit udp source 0 destination 0
interface GigabitEthernet1/0/1
 traffic-reflect outbound acl 3333