3Com 5500 Switch User Manual


 
Configuring User-Defined ACLs
On the Switch 5500/5500G, a user-defined ACL can be assigned successfully only
if its user-defined rule string is no longer than 32 bytes. The string may or
may not contain spaces, and it can occupy up to eight mask offset units. In
addition, no two offset units can belong to the same offset group.
For example, assume that you configure ACL 5000, specifying a 32-byte rule
string, a rule mask of all Fs, and an offset of 4, and then apply the ACL to
Ethernet 1/0/1. In this case, the 32-byte rule string occupies eight offset units:
4 to 7 (Offset2), 8 to 11 (Offset3), 12 to 15 (Offset4), 16 to 19 (Offset5), 20 to
23 (Offset1), 24 to 27 (Offset7), 28 to 31 (Offset8), and 32 to 35 (Offset6), as
shown in Table 2. The rule can be assigned successfully.
Now assume that you configure ACL 5001, specifying a 32-byte rule string, a rule
mask of all Fs, and an offset of 24, and then apply the ACL to Ethernet 1/0/1. In
this case, the 32-byte rule string does not comply with the rule that a
user-defined rule string can contain up to eight mask offset units and that no
two offset units can belong to the same offset group. The ACL cannot be assigned.
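The check described above, as an added example that is not part of the 3Com manual: it tests whether every offset unit of a rule string can be given a distinct offset group from Table 2. The function names, and the splitting of the string into consecutive 4-byte units starting at the rule offset, are assumptions drawn from the ACL 5000 and ACL 5001 examples.

```python
# Table 2 from the manual: each row lists the byte ranges of Offset1..Offset8.
# Only the first byte of each 4-byte range is stored here.
TABLE2_STARTS = [
    [0, 4, 8, 12, 16, 20, 24, 28],
    [2, 6, 10, 14, 18, 22, 26, 30],
    [6, 10, 14, 18, 22, 26, 30, 34],
    [12, 16, 20, 24, 28, 32, 36, 40],
    [20, 24, 28, 32, 36, 40, 44, 48],
    [30, 34, 38, 42, 46, 50, 54, 58],
    [42, 46, 50, 54, 58, 62, 66, 70],
    [56, 60, 64, 68, 72, 76, 0, 4],
]
UNIT = 4  # bytes per offset unit


def groups_for(start):
    """Offset groups (1..8) that Table 2 lists for the unit starting at `start`."""
    return sorted({col + 1 for row in TABLE2_STARTS
                   for col, s in enumerate(row) if s == start})


def assign_units(rule_offset, rule_len):
    """Return {unit_start: group} with all groups distinct, or None.

    Assumption: the string is split into consecutive 4-byte units starting
    at rule_offset, as in the manual's ACL 5000 and ACL 5001 examples.
    """
    if not 0 < rule_len <= 32:
        return None  # rule string length limit stated in the manual
    units = list(range(rule_offset, rule_offset + rule_len, UNIT))
    owner = {}  # group -> unit currently holding it

    def place(unit, seen):
        # Augmenting-path step of bipartite matching (units vs. groups).
        for g in groups_for(unit):
            if g in seen:
                continue
            seen.add(g)
            if g not in owner or place(owner[g], seen):
                owner[g] = unit
                return True
        return False

    for u in units:
        if not place(u, set()):
            return None
    return {u: g for g, u in sorted(owner.items(), key=lambda kv: kv[1])}
```

Under this model, `assign_units(4, 32)` finds eight distinct groups (not necessarily the same assignment the manual lists), while `assign_units(24, 32)` returns `None` because the unit 52 to 55 has no entry in Table 2.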
Table 2 Offset units of a user-defined rule string

Offset unit
Offset1   Offset2   Offset3   Offset4   Offset5   Offset6   Offset7   Offset8
0 to 3    4 to 7    8 to 11   12 to 15  16 to 19  20 to 23  24 to 27  28 to 31
2 to 5    6 to 9    10 to 13  14 to 17  18 to 21  22 to 25  26 to 29  30 to 33
6 to 9    10 to 13  14 to 17  18 to 21  22 to 25  26 to 29  30 to 33  34 to 37
12 to 15  16 to 19  20 to 23  24 to 27  28 to 31  32 to 35  36 to 39  40 to 43
20 to 23  24 to 27  28 to 31  32 to 35  36 to 39  40 to 43  44 to 47  48 to 51
30 to 33  34 to 37  38 to 41  42 to 45  46 to 49  50 to 53  54 to 57  58 to 61
42 to 45  46 to 49  50 to 53  54 to 57  58 to 61  62 to 65  66 to 69  70 to 73
56 to 59  60 to 63  64 to 67  68 to 71  72 to 75  76 to 79  0 to 3    4 to 7

The common protocol types and their offsets are listed in the following table.

Protocol   Protocol number  Offset for Switch 5500s  Offset for Switch 5500s  Offset for
type       (hexadecimal)    with VLAN-VPN function   with VLAN-VPN function   Switch 5500Gs
                            disabled                 enabled
ARP        0x0806           16                       20                       20
RARP       0x8035           16                       20                       20
IP         0x0800           16                       20                       20
IPX        0x8137           16                       20                       20
AppleTalk  0x809B           16                       20                       20
ICMP       0x01             27                       31                       31
IGMP       0x02             27                       31                       31
TCP        0x06             27                       31                       31
UDP        0x17             27                       31                       31