3Com 3.01.01 Switch User Manual


 
208 CHAPTER 7: QOS/ACL OPERATION
while 129.102.1.1 0.0.255.255 specifies the network segment 129.102.0.1
through 129.102.255.255. The host is listed first in the access control list. The
specific standard is:
For basic ACL statements, source address wildcards are compared directly. If
the wildcards are the same, the configuration sequence is used.
For the ACL based on the interface filter, the rule that is configured is listed at
the end, while others follow the configuration sequence.
For the advanced ACL, source address wildcards are compared first. If they are
the same, then destination address wildcards are compared. For the same
destination address wildcards, ranges of port numbers are compared and the
smaller range is listed first. If the port numbers are in the same range, the
configuration sequence is used.
After you specify the match-order of an access control rule, you cannot modify it
later unless you delete all the contents and specify the match-order again.
This type of filtering includes ACLs cited by route policy function, ACLs used for
controlling user logons, and so on.
ACLs Supported The switch supports these types of ACLs:
Number-based basic ACLs
Name-based basic ACLs
Number-based advanced ACLs
Name-based advanced ACLs
Number-based L2 ACLs
Name-based L2 ACLs
The ranges for the ACLs available on the switch are listed in the following table.
Configuring ACLs 3Com recommends that you perform ACL configuration tasks in the order of the
following sections:
Configuring Time Range
Defining and Applying a Flow Template
Table 1 Requirements for ACLs
Item Number range
Number-based basic ACL 2000~2999
Number-based advanced ACL 3000~3999
Number-based L2 ACL 4000~4999
Name-based basic ACL -
Name-based advanced ACL -
Name-based L2 ACL --
Maximum sub-rules for an ACL 0~127
Maximum sub-rules for the switch (sum
of the sub-rules of all ACLs)