Support User Manuals

3Com 10014298 Switch User Manual

Open as PDF

of 294

150 CHAPTER 7: QOS/ OPERATION

This type of filtering includes ACLs that are used with the QoS function, ACLs used

to filter the packet transmitted by the hardware, and so on.

Filtering or Classifying

Data Transmitted by the

Software

An ACL can be used to filter or classify the data transmitted by the software of the

switch. The user can determine the match order of ACL’s sub-rules. There are two

match-orders: configuration, which follows the user-defined configuration order

when matching the rule, and automatic, which follows the depth-first principle.

The depth-first principle puts the statement specifying the smallest range of

addresses on the top of the list. For example, 129.102.1.1 0.0.0.0 specifies a host,

while 129.102.1.1 0.0.255.255 specifies the network segment 129.102.0.1

through 129.102.255.255. The host is listed first in the access control list. The

specific standard is:

■ For basic ACL statements, source address wildcards are compared directly. If

the wildcards are the same, the configuration sequence is used.

■ For the ACL based on the interface filter, the rule that is configured is listed at

the end, while others follow the configuration sequence.

■ For the advanced ACL, source address wildcards are compared first. If they are

the same, then destination address wildcards are compared. For the same

destination address wildcards, ranges of port numbers are compared and the

smaller range is listed first. If the port numbers are in the same range, the

configuration sequence is used.

After you specify the match-order of an access control rule, you cannot modify it

later unless you delete all the contents and specify the match-order again.

This type of filtering includes ACLs cited by route policy function, ACLs used for

controlling user logons, and so on.

ACL Support on the

Switch 7750

Table 161 lists the categories of ACLs, their value ranges and the maximum

number of each ACL on a Switch 7750.

Table 161 Quantitative Limitation to the ACL

Item Value range Maximum

Numbered basic ACL 2000 to 2999 99

Numbered advanced ACL 3000 to 3999 100

Numbered Layer-2 ACL 4000 to 4999 100

User-defined ACL 5000 to 5999 100

Named basic ACL - 1000

Named advanced ACL - 1000

Named Layer-2 AC - 1000

The sub items of an ACL 0 to 127 128

Maximum sub items for all

ACLs ( for a 7-slot chassis)

- 1536 (with 6 48-port I/O

modules installed)

Maximum sub items for all

ACLs ( for 4-slot chassis)

- 768 (with 3 48-port I/O

modules installed)

Maximum sub items for all

ACLs ( for an 8-slot chassis)

- 1536 (with 6 48-port I/O

modules installed)

previous next