Manualsbrain.com
  1. Manuales
  2. Marcas
  3. 3com
  4. S7906E
  5. Instruccion De Instalación

3com S7906E Instruccion De Instalación

Descargar
Página de 2621
 
1-4 
3)  If the protocol types have the same precedence, look at the source IP address wildcard masks. 
Then, compare packets against the rule configured with more zeros in the source IP address 
wildcard mask. 
4)  If the numbers of zeros in the source IP address wildcard masks are the same, look at the 
destination IP address wildcard masks. Then, compare packets against the rule configured with 
more zeros in the destination IP address wildcard mask.  
5)  If the numbers of zeros in the destination IP address wildcard masks are the same, look at the 
Layer 4 port number ranges, namely the TCP/UDP port number ranges. Then compare packets 
against the rule configured with the smaller port number range. 
6)  If the port number ranges are the same, compare packets against the rule configured first. 
Depth-first match for an Ethernet frame header ACL 
The following shows how your switch performs depth-first match in an Ethernet frame header ACL:  
1)  Sort rules by source MAC address mask first and compare packets against the rule configured with 
more ones in the source MAC address mask.  
2)  If two rules are present with the same number of ones in their source MAC address masks, look at 
the destination MAC address masks. Then, compare packets against the rule configured with more 
ones in the destination MAC address mask.  
3)  If the numbers of ones in the destination MAC address masks are the same, compare packets 
against the one configured first.  
The comparison of a packet against an ACL stops once a match is found. The packet is then processed 
as per the rule.  
IPv4 ACL Step 
Meaning of the step 
When defining rules in an IPv4 ACL, you do not necessarily assign them numbers; the system can do 
this automatically, and the step defines the increment between two neighboring numbers. For example, 
with a step of 5, rules are automatically numbered 0, 5, 10, 15, and so on. By default, the step is 5. 
Whenever the step changes, the rules are renumbered, starting from 0. For example, if four rules are 
numbered 5, 10, 15, and 20 respectively, changing the step from 5 to 2 will cause the rules to be 
renumbered 0, 2, 4, and 6.  
Benefits of using the step 
With the step and rule numbering/renumbering mechanism, you do not need to assign rules numbers 
when defining them. The system will assign a newly defined rule a number that is the smallest multiple 
of the step bigger than the currently biggest number. For example, with a step of five, if the biggest 
number is currently 28, the newly defined rule will get a number of 30. If the ACL has no rule defined 
already, the first defined rule will get a number of 0. 
Another benefit of using the step is that it allows you to insert new rules between existing ones as 
needed. For example, after creating four rules numbered 0, 5, 10, and 15 in an ACL with a step of five, 
you can insert a rule numbered 1.  
Effective Period of an IPv4 ACL 
You can control when a rule can take effect by referencing a time range in the rule.