Cisco Systems 7600 Series User Manual

23-3
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter 23      Configuring Network Security
• Flows that require logging are processed in software without impacting nonlogged flow processing in hardware.
• The forwarding rate for software-processed flows is substantially less than for hardware-processed flows.
• When you enter the show ip access-list command, the match count displayed does not include packets processed in hardware.
Guidelines and Restrictions for Using Layer 4 Operators in ACLs
These sections describe guidelines and restrictions when configuring ACLs that include Layer 4 port operations:
Determining Layer 4 Operation Usage
You can specify these types of operations:
• gt (greater than)
• lt (less than)
• neq (not equal)
• eq (equal)
• range (inclusive range)
We recommend that you do not specify more than nine different operations on the same ACL. If you exceed this number, each new operation might cause the affected ACE to be translated into more than one ACE.
Use the following two guidelines to determine Layer 4 operation usage:
• Layer 4 operations are considered different if the operator or the operand differ. For example, in this ACL there are three different Layer 4 operations (“gt 10” and “gt 11” are considered two different Layer 4 operations):
... gt 10 permit
... lt 9 deny
... gt 11 deny
Note: There is no limit to the use of “eq” operators, because the “eq” operator does not use a logical operator unit (LOU) or a Layer 4 operation bit. See the  for a description of LOUs.
• Layer 4 operations are considered different if the same operator/operand couple applies once to a source port and once to a destination port. For example, in this ACL there are two different Layer 4 operations, because one ACE applies to the source port and the other applies to the destination port:
... Src gt 10 ...
... Dst gt 10
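The two counting guidelines above (operator/operand pairs are distinct; the same pair on a source port and on a destination port counts twice) and the note that “eq” consumes no LOU can be checked before an ACL is applied. The following is an added example, not Cisco's code or part of this guide: it parses extended ACEs in the standard `permit|deny tcp|udp <src> [op] <dst> [op]` form, counts the distinct LOU-consuming operations, and flags an ACL that exceeds the recommended nine. The sample ACL and the helper names are constructed for this example.

```python
# LOU-consuming operators; "eq" is excluded because the guide says it uses neither a LOU nor an operation bit.
LOU_OPERATORS = ("gt", "lt", "neq", "range")
RECOMMENDED_MAX = 9  # guide: no more than nine different operations per ACL

def _skip_address(tokens, pos):
    """Advance past an address spec: 'any' is one token, 'host A' and 'A MASK' are two."""
    return pos + 1 if tokens[pos] == "any" else pos + 2

def _take_port_op(tokens, pos, side):
    """Consume an optional port operator; return (new_pos, (side, op, operand) or None)."""
    op = tokens[pos] if pos < len(tokens) else None
    if op == "range":
        return pos + 3, (side, op, f"{tokens[pos + 1]}-{tokens[pos + 2]}")
    if op in LOU_OPERATORS:
        return pos + 2, (side, op, tokens[pos + 1])
    if op == "eq":
        return pos + 2, None  # eq is free: skip it without recording an operation
    return pos, None

def layer4_ops_in_ace(line):
    """LOU-consuming Layer 4 operations in one tcp/udp ACE, keyed by src/dst."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] not in ("tcp", "udp"):
        return []  # remarks, "ip"/"icmp" ACEs and the access-list header carry no port operators
    ops, pos = [], 2
    for side in ("src", "dst"):
        pos = _skip_address(tokens, pos)
        pos, op = _take_port_op(tokens, pos, side)
        if op:
            ops.append(op)
    return ops

def distinct_layer4_ops(acl_text):
    """Set of distinct (side, operator, operand) triples; a repeated triple reuses one LOU."""
    return {op for line in acl_text.splitlines() for op in layer4_ops_in_ace(line)}

def exceeds_recommendation(acl_text):
    return len(distinct_layer4_ops(acl_text)) > RECOMMENDED_MAX

# Constructed sample ACL mirroring the guide's examples (not taken from the page).
SAMPLE_ACL = """ip access-list extended L4-DEMO
 permit tcp any any gt 10
 deny tcp any any lt 9
 deny tcp any any gt 11
 permit tcp any gt 10 any
 permit tcp any any eq 80
 permit udp host 10.0.0.1 any range 1000 2000
 deny tcp any any gt 10
"""
```

Running `distinct_layer4_ops(SAMPLE_ACL)` yields five operations: the three destination-port operations from the guide's first example, the separate source-port “gt 10”, and the UDP range; the “eq 80” ACE and the repeated “gt 10” add nothing.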