3com 3.01.01 Benutzerhandbuch

C

HAPTER

 7: Q

O

S/ACL O

PERATION

while 129.102.1.1 0.0.255.255 specifies the network segment 129.102.0.1 
through 129.102.255.255. The host is listed first in the access control list. The 
specific standard is:

■

For basic ACL statements, source address wildcards are compared directly. If 
the wildcards are the same, the configuration sequence is used. 

■

For the ACL based on the interface filter, the rule that is configured is listed at 
the end, while others follow the configuration sequence.

■

For the advanced ACL, source address wildcards are compared first. If they are 
the same, then destination address wildcards are compared. For the same 
destination address wildcards, ranges of port numbers are compared and the 
smaller range is listed first. If the port numbers are in the same range, the 
configuration sequence is used. 

After you specify the match-order of an access control rule, you cannot modify it 
later unless you delete all the contents and specify the match-order again.

This type of filtering includes ACLs cited by route policy function, ACLs used for 
controlling user logons, and so on.

The switch supports these types of ACLs: 

■

Number-based basic ACLs

■

Name-based basic ACLs

■

Number-based advanced ACLs

■

Name-based advanced ACLs

■

Number-based L2 ACLs

■

Name-based L2 ACLs

The ranges for the ACLs available on the switch are listed in the following table. 

3Com recommends that you perform ACL configuration tasks in the order of the 
following sections: 

■

■

Table 1   Requirements for ACLs

Number-based basic ACL

2000~2999

Number-based advanced ACL

3000~3999

Number-based L2 ACL

4000~4999

Name-based basic ACL

-

Name-based advanced ACL

-

Name-based L2 ACL

--

Maximum sub-rules for an ACL

0~127

Maximum sub-rules for  the switch (sum 
of the sub-rules of all ACLs)