Why Is Access from a Specified IP Address Still Allowed After a Network ACL Rule That Denies Access from This IP Address Has Been Added?
Network ACL rules have priorities. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (*). Default rules have the lowest priority.
If network ACL rules conflict, the rule with the highest priority takes effect. If you need a rule to take effect before or after a specific rule, you can insert that rule before or after the specific rule. For example, if rule A has priority 1 and rule B needs a higher priority than rule A, insert rule B before rule A. Rule B then has priority 1 and rule A has priority 2. Similarly, if rule B needs a lower priority than rule A, insert rule B after rule A.
If a rule that allows access from all IP addresses has a higher priority than the rule that denies access from the specified IP address, the allow rule takes effect and the access is still allowed. When you add a rule that denies access from a specified IP address, place the rules that allow access from all IP addresses at the end, so that the rule that denies access from the specified IP address takes effect. For details, see Changing the Sequence of a Network ACL Rule.
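The following added example (not code from this documentation or from the cloud service) models the priority evaluation described above and flags deny rules that a higher-priority allow rule makes ineffective. It assumes rules match on source address only, that the default (*) rule denies, and uses constructed rule sets and documentation-range addresses; the function names are hypothetical.

```python
import ipaddress

# Constructed sample ACLs: (priority, action, source CIDR).
# A smaller priority value means a higher priority.
MISORDERED = [
    (1, "allow", "0.0.0.0/0"),        # allow-all placed first
    (2, "deny", "203.0.113.10/32"),   # deny for the specified address
]
REORDERED = [
    (1, "deny", "203.0.113.10/32"),
    (2, "allow", "0.0.0.0/0"),        # allow-all moved to the end
]

def evaluate(rules, src_ip, default_action="deny"):
    """Return the action of the highest-priority rule matching src_ip.

    default_action stands in for the '*' default rule (assumed to deny)."""
    addr = ipaddress.ip_address(src_ip)
    for _prio, action, cidr in sorted(rules, key=lambda r: r[0]):
        if addr in ipaddress.ip_network(cidr):
            return action
    return default_action

def shadowed_denies(rules):
    """List deny rules whose whole source range is covered by a
    higher-priority allow rule, so they can never take effect."""
    ordered = sorted(rules, key=lambda r: r[0])
    findings = []
    for i, (prio, action, cidr) in enumerate(ordered):
        if action != "deny":
            continue
        deny_net = ipaddress.ip_network(cidr)
        for a_prio, a_action, a_cidr in ordered[:i]:
            allow_net = ipaddress.ip_network(a_cidr)
            if (a_action == "allow" and allow_net.version == deny_net.version
                    and deny_net.subnet_of(allow_net)):
                findings.append((prio, cidr, a_prio, a_cidr))
                break
    return findings

if __name__ == "__main__":
    for name, acl in (("misordered", MISORDERED), ("reordered", REORDERED)):
        print(name, evaluate(acl, "203.0.113.10"), shadowed_denies(acl))
```

Running a check like `shadowed_denies` over an exported rule list before and after a change shows whether a newly added deny rule can actually take effect.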