Cisco Systems 7600 Series Manual De Usuario
23-4
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter 23 Configuring Network Security
Configuring the Cisco IOS Firewall Feature Set
Determining Logical Operation Unit Usage
Logical operation units (LOUs) are registers that store operator-operand couples. All ACLs use LOUs.
There can be up to 32 LOUs; each LOU can store two different operator-operand couples with the
exception of the range operator. LOU usage per Layer 4 operation is as follows:
There can be up to 32 LOUs; each LOU can store two different operator-operand couples with the
exception of the range operator. LOU usage per Layer 4 operation is as follows:
•
gt uses 1/2 LOU
•
lt uses 1/2 LOU
•
neq uses 1/2 LOU
•
range uses 1 LOU
•
eq does not require a LOU
For example, this ACL would use a single LOU to store two different operator-operand couples:
... Src gt 10 ...
... Dst gt 10
A more detailed example follows:
ACL1
... (dst port) gt 10 permit
... (dst port) lt 9 deny
... (dst port) gt 11 deny
... (dst port) neq 6 permit
... (src port) neq 6 deny
... (dst port) gt 10 deny
ACL2
... (dst port) gt 20 deny
... (src port) lt 9 deny
... (src port) range 11 13 deny
... (dst port) neq 6 permit
The Layer 4 operations and LOU usage is as follows:
•
ACL1 Layer 4 operations: 5
•
ACL2 Layer 4 operations: 4
•
LOUs: 4
An explanation of the LOU usage follows:
•
LOU 1 stores “gt 10” and “lt 9”
•
LOU 2 stores “gt 11” and “neq 6”
•
LOU 3 stores “gt 20” (with space for one more)
•
LOU 4 stores “range 11 13” (range needs the entire LOU)
Configuring the Cisco IOS Firewall Feature Set
Note
Release 12.1(11b)E and later releases include firewall feature set images.
These sections describe configuring the Cisco IOS firewall feature set on the Cisco 7600 series routers:
•