3Com 3031 Installation Instructions

58 ACL CONFIGURATION
This chapter covers the following topics:
Introduction to ACL
This section introduces Access Control Lists (ACLs).
ACL Overview
To filter data packets, a series of rules must be configured on the router to decide which data packets can pass. These rules are defined by an ACL (Access Control List), which is a series of sequential rules consisting of permit | deny statements. The rules are described by the source address, destination address and port number of data packets. The ACL classifies data packets through these rules applied on the router interface, by which the router decides which packets can be received and which should be rejected.
Classification of ACL
An ACL is represented by a number which shows the application purpose of the ACL. Table 877 lists the number range that matches each application purpose.
Match order of ACL
An access control rule may consist of several permit | deny statements, each statement specifying a different packet range. In this case, the order in which a packet is matched against the statements of the access control rule becomes an issue.
There are two kinds of match orders:
Configuration sequence: match ACL rules according to their configuration order.
Automatic sequencing: follow the principle of “depth priority”.
The “depth priority” rule puts the statement that specifies the smallest packet range in first place. This is done by comparing address wildcards. The smaller
Table 877   Classification of ACLs

Application Purpose     Number Range
Interface-based ACL     1000 to 1999
Basic ACL               2000 to 2999
Advanced ACL            3000 to 3999
MAC-based ACL           4000 to 4999
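
The two match orders described under "Match order of ACL", as an added Python sketch (not code from the manual or from the router software): it evaluates the same rules in configuration order and in depth-priority order and lists statements hidden by an earlier, broader one. It models source address and wildcard only; the sample rules are constructed, and the function names and the tie-breaking between equal wildcards are assumptions.

```python
import ipaddress

# Constructed sample rules (not from the manual): (action, source address, wildcard).
# A wildcard bit of 1 means "ignore this bit", so fewer 1 bits = smaller packet range.
RULES = [
    ("permit", "10.1.0.0", "0.0.255.255"),
    ("deny", "10.1.1.0", "0.0.0.255"),
    ("permit", "10.1.1.5", "0.0.0.0"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _care(wildcard):
    """Bit mask of the address bits that must match."""
    return ~_int(wildcard) & 0xFFFFFFFF

def matches(rule, src):
    _, addr, wildcard = rule
    return (_int(src) & _care(wildcard)) == (_int(addr) & _care(wildcard))

def depth_priority(rules):
    """Smallest range first. sorted() is stable, so equal wildcards keep
    configuration order (tie-breaking is an assumption of this sketch)."""
    return sorted(rules, key=lambda r: bin(_int(r[2])).count("1"))

def decide(ordered_rules, src):
    """Action of the first matching rule, or None if no rule matches."""
    for rule in ordered_rules:
        if matches(rule, src):
            return rule[0]
    return None

def shadowed(ordered_rules):
    """Rules that can never match: an earlier rule covers their whole range."""
    hidden = []
    for i, (_, addr_b, wc_b) in enumerate(ordered_rules):
        for _, addr_a, wc_a in ordered_rules[:i]:
            care_a = _care(wc_a)
            same_prefix = (_int(addr_a) & care_a) == (_int(addr_b) & care_a)
            if (_int(wc_b) & care_a) == 0 and same_prefix:
                hidden.append(ordered_rules[i])
                break
    return hidden

if __name__ == "__main__":
    for src in ("10.1.1.9", "10.1.1.5", "10.1.2.7", "192.168.0.1"):
        print(src, decide(RULES, src), decide(depth_priority(RULES), src))
    print("shadowed in configuration order:", shadowed(RULES))
```

In configuration order the broad permit placed first hides the two narrower statements behind it, so 10.1.1.9 is permitted; under depth priority the narrower deny is evaluated first and the same packet is denied.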