3Com 10014298 Switch User Manual


 
150 CHAPTER 7: QOS/ OPERATION
This type of filtering includes ACLs that are used with the QoS function, ACLs used
to filter the packet transmitted by the hardware, and so on.
Filtering or Classifying Data Transmitted by the Software
An ACL can be used to filter or classify the data transmitted by the software of the
switch. The user can determine the match order of ACL’s sub-rules. There are two
match-orders: configuration, which follows the user-defined configuration order
when matching the rule, and automatic, which follows the depth-first principle.
The depth-first principle puts the statement specifying the smallest range of
addresses on the top of the list. For example, 129.102.1.1 0.0.0.0 specifies a host,
while 129.102.1.1 0.0.255.255 specifies the network segment 129.102.0.1
through 129.102.255.255. The host is listed first in the access control list. The
specific standard is:
- For basic ACL statements, source address wildcards are compared directly. If
  the wildcards are the same, the configuration sequence is used.
- For the ACL based on the interface filter, the rule that is configured is listed at
  the end, while others follow the configuration sequence.
- For the advanced ACL, source address wildcards are compared first. If they are
  the same, then destination address wildcards are compared. For the same
  destination address wildcards, ranges of port numbers are compared and the
  smaller range is listed first. If the port numbers are in the same range, the
  configuration sequence is used.
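The depth-first ordering for advanced ACLs described above, as an added example (not code from the manual or the switch software). It assumes that a "smaller range" means fewer don't-care bits in the wildcard and that the first matching sub-rule decides the packet; the `Rule` fields and function names are hypothetical, and interface-filter ACLs are not modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # hypothetical model of one advanced-ACL sub-rule
    seq: int                      # configuration order (0 = entered first)
    action: str                   # "permit" or "deny"
    src: str
    src_wc: str                   # wildcard: 1 bits are "don't care"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    ports: tuple = (0, 65535)     # inclusive port range

def _ip(s): return int(ipaddress.IPv4Address(s))

def wc_bits(wc):
    """Count of don't-care bits; fewer bits means a smaller address range."""
    return bin(_ip(wc)).count("1")

def auto_order(rules):
    """Automatic (depth-first) order: source wildcard, then destination
    wildcard, then port-range size, then configuration sequence.
    A basic ACL is the case where only the source wildcard differs."""
    return sorted(rules, key=lambda r: (wc_bits(r.src_wc), wc_bits(r.dst_wc),
                                        r.ports[1] - r.ports[0], r.seq))

def config_order(rules):
    return sorted(rules, key=lambda r: r.seq)

def wc_match(addr, base, wc):
    care = ~_ip(wc) & 0xFFFFFFFF  # bits that must be equal
    return (_ip(addr) & care) == (_ip(base) & care)

def decide(ordered, src, dst, port):
    """Return the action of the first matching rule (assumed), else None."""
    for r in ordered:
        if (wc_match(src, r.src, r.src_wc) and wc_match(dst, r.dst, r.dst_wc)
                and r.ports[0] <= port <= r.ports[1]):
            return r.action
    return None

# Constructed sub-rules built from the addresses used in the text above.
RULES = [
    Rule(0, "permit", "129.102.1.1", "0.0.255.255"),
    Rule(1, "deny", "129.102.1.1", "0.0.0.0"),
    Rule(2, "deny", "129.102.1.1", "0.0.255.255", ports=(23, 23)),
]
```

With these rules, configuration order lets the broad permit entered first shadow the host deny, while automatic order evaluates the host rule first.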
After you specify the match-order of an access control rule, you cannot modify it
later unless you delete all the contents and specify the match-order again.
This type of filtering includes ACLs cited by route policy function, ACLs used for
controlling user logons, and so on.
ACL Support on the Switch 7750
Table 161 lists the categories of ACLs, their value ranges and the maximum
number of each ACL on a Switch 7750.
Table 161 Quantitative Limitation to the ACL
Item                                                    Value range    Maximum
Numbered basic ACL                                      2000 to 2999   99
Numbered advanced ACL                                   3000 to 3999   100
Numbered Layer-2 ACL                                    4000 to 4999   100
User-defined ACL                                        5000 to 5999   100
Named basic ACL                                         -              1000
Named advanced ACL                                      -              1000
Named Layer-2 ACL                                       -              1000
The sub items of an ACL                                 0 to 127       128
Maximum sub items for all ACLs (for a 7-slot chassis)   -              1536 (with 6 48-port I/O modules installed)
Maximum sub items for all ACLs (for 4-slot chassis)     -              768 (with 3 48-port I/O modules installed)
Maximum sub items for all ACLs (for an 8-slot chassis)  -              1536 (with 6 48-port I/O modules installed)