3com 4210 User Manual
Configuring User-Defined ACLs
213
■
With the Switch 5500/5500G, for a user-defined ACL to be assigned
successfully, the maximum length of a user-defined rule string is 32 bytes. The
string may or may not contain spaces, and can occupy up to eight mask offset
units. Besides, any two offset units cannot belong to the same offset group.
successfully, the maximum length of a user-defined rule string is 32 bytes. The
string may or may not contain spaces, and can occupy up to eight mask offset
units. Besides, any two offset units cannot belong to the same offset group.
■
For example, assuming that you configure ACL 5000, specifying a 32-byte rule
string, a rule mask of all Fs, and an offset of 4 and then apply the ACL to
Ethernet 1/0/1. In this case, the 32-byte rule string occupies eight offset units:
4 to 7 (Offset2), 8 to 11 (Offset3), 12 to 15 (Offset4), 16 to 19 (Offset5), 20 to
23 (Offset1), 24 to 27 (Offset7), 28 to 31 (Offset8), and 32 to 35 (Offset6), as
shown in Table 2. The rule can be assigned successfully.
string, a rule mask of all Fs, and an offset of 4 and then apply the ACL to
Ethernet 1/0/1. In this case, the 32-byte rule string occupies eight offset units:
4 to 7 (Offset2), 8 to 11 (Offset3), 12 to 15 (Offset4), 16 to 19 (Offset5), 20 to
23 (Offset1), 24 to 27 (Offset7), 28 to 31 (Offset8), and 32 to 35 (Offset6), as
shown in Table 2. The rule can be assigned successfully.
■
If you configure ACL 5001, specifying a 32-byte rule string, a rule mask of all
Fs, and an offset of 24 and then apply the ACL to Ethernet 1/0/1: In this case,
the 32-byte rule string does not comply with the rule that a user-defined rule
string can contain up to eight mask offset units and any two offset units
cannot belong to the same offset. The ACL cannot be assigned.
Fs, and an offset of 24 and then apply the ACL to Ethernet 1/0/1: In this case,
the 32-byte rule string does not comply with the rule that a user-defined rule
string can contain up to eight mask offset units and any two offset units
cannot belong to the same offset. The ACL cannot be assigned.
The common protocol types and their offsets are listed in the following table.
Table 2 Offset units of a user-defined rule string
Offset unit
Offset1 Offset2 Offset3 Offset4 Offset5 Offset6 Offset7 Offset8
0 to 3
4 to 7
8 to 11
12 to 15
16 to 19
20 to 23
24 to 27
28 to 31
2 to 5
6 to 9
10 to 13
14 to 17
18 to 21
22 to 25
26 to 29
30 to 33
6 to 9
10 to 13
14 to 17
18 to 21
22 to 25
26 to 29
30 to 33
34 to 37
12 to 15
16 to 19
20 to 23
24 to 27
28 to 31
32 to 35
36 to 39
40 to 43
20 to 23
24 to 27
28 to 31
32 to 35
36 to 39
40 to 43
44 to 47
48 to 51
30 to 33
34 to 37
38 to 41
42 to 45
46 to 49
50 to 53
54 to 57
58 to 61
42 to 45
46 to 49
50 to 53
54 to 57
58 to 61
62 to 65
66 to 69
70 to 73
56 to 59
60 to 63
64 to 67
68 to 71
72 to 75
76 to 79
0 to 3
4 to 7
Protocol type
Protocol number
(hexadecimal)
(hexadecimal)
Offset for
Switch 5500s
with VLAN-VPN
function
disabled
Switch 5500s
with VLAN-VPN
function
disabled
Offset for
Switch 5500s
with VLAN-VPN
function
enabled
Switch 5500s
with VLAN-VPN
function
enabled
Offset for
Switch
5500Gs
Switch
5500Gs
ARP 0x0806
16
20 20
RARP 0x8035
16
20
20
IP 0x0800
16 20 20
IPX 0x8137
16 20 20
AppleTalk 0x809B
16
20
20
ICMP 0x01 27
31
31
IGMP 0x02 27
31
31
TCP 0x06 27
31 31
UDP 0x17 27
31 31