Cisco Systems EA6500 User Manual

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 23: Configuring Network Security
Guidelines and Restrictions for Using Layer 4 Operators in ACLs
Determining Logical Operation Unit Usage
Logical operation units (LOUs) are registers that store operator-operand couples. All ACLs use LOUs. 
There can be up to 32 LOUs; each LOU can store two different operator-operand couples with the 
exception of the range operator. LOU usage per Layer 4 operation is as follows:
  • gt uses 1/2 LOU
  • lt uses 1/2 LOU
  • neq uses 1/2 LOU
  • range uses 1 LOU
  • eq does not require a LOU
For example, this ACL would use a single LOU to store two different operator-operand couples:
... Src gt 10 ...
... Dst gt 10
A more detailed example follows: 
ACL1
... (dst port) gt 10 permit
... (dst port) lt 9 deny
... (dst port) gt 11 deny
... (dst port) neq 6 permit
... (src port) neq 6 deny
... (dst port) gt 10 deny
ACL2
... (dst port) gt 20 deny
... (src port) lt 9 deny
... (src port) range 11 13 deny
... (dst port) neq 6 permit
The Layer 4 operations and LOU usage are as follows:
  • ACL1 Layer 4 operations: 5
  • ACL2 Layer 4 operations: 4
  • LOUs: 4
An explanation of the LOU usage follows:
  • LOU 1 stores “gt 10” and “lt 9”
  • LOU 2 stores “gt 11” and “neq 6”
  • LOU 3 stores “gt 20” (with space for one more)
  • LOU 4 stores “range 11 13” (range needs the entire LOU)
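
The accounting above as a short Python model (an added example, not part of the Cisco guide), useful for checking a planned ACL set against the 32-LOU limit. It assumes a couple is identified by operator and operand only, as the LOU list above writes them, and that half-LOU slots are filled first fit in order of appearance; the tuple layout and function names are hypothetical.

```python
# Added example: models the LOU accounting described on this page.
# Assumption: a couple is identified by (operator, operands) only, which is how
# the page's LOU list writes them; the src/dst field is kept for the per-ACL count.
HALF_OPS = {"gt", "lt", "neq"}  # 1/2 LOU each; range takes a whole LOU; eq takes none
MAX_LOUS = 32

# Entries from the page's ACL1/ACL2, as (field, operator, operand...) tuples.
ACL1 = [("dst", "gt", 10), ("dst", "lt", 9), ("dst", "gt", 11),
        ("dst", "neq", 6), ("src", "neq", 6), ("dst", "gt", 10)]
ACL2 = [("dst", "gt", 20), ("src", "lt", 9), ("src", "range", 11, 13),
        ("dst", "neq", 6)]

def l4_operations(acl):
    """Distinct Layer 4 operations in one ACL (eq is not counted)."""
    return {ace for ace in acl if ace[1] != "eq"}

def allocate_lous(acls):
    """Pack the couples of all ACLs into LOUs, first fit, in order of appearance."""
    lous, seen = [], set()
    for acl in acls:
        for _field, op, *operands in acl:
            couple = (op, *operands)
            if op == "eq" or couple in seen:
                continue  # eq needs no LOU; a stored couple is reused
            seen.add(couple)
            if op == "range":
                lous.append({"couples": [couple], "free": 0})
            elif op in HALF_OPS:
                slot = next((l for l in lous if l["free"]), None)
                if slot is None:
                    slot = {"couples": [], "free": 2}
                    lous.append(slot)
                slot["couples"].append(couple)
                slot["free"] -= 1
            else:
                raise ValueError(f"unknown Layer 4 operator: {op}")
    return [l["couples"] for l in lous]

if __name__ == "__main__":
    used = allocate_lous([ACL1, ACL2])
    print(len(l4_operations(ACL1)), len(l4_operations(ACL2)))
    for n, couples in enumerate(used, 1):
        print(f"LOU {n}:", couples)
    print(f"{len(used)} of {MAX_LOUS} LOUs used")
```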