3com 8807 User Guide
168 CHAPTER 21: ACL CONFIGURATION
configured with any are put to the end and other rules follow config order; for
advanced ACL rules, first compare the wildcards of source addresses, then the
wildcards of destination addresses if those of source addresses are equal, then the
port IDs if the wildcards of destination addresses are still equal. Follow config
order if port IDs are also equal.
The user-defined ACL matching order takes effect only when multiple rules of one
ACL are applied at the same time. For example, an ACL has two rules. If the two
rules are not applied simultaneously, even if you configure the matching order to
be depth first, the switch still matches them according to their application order.
If one rule is a subset of another rule in an ACL, it is recommended to apply the
rules according to the range of the specified packets. The rule with the smallest
range of the specified data packets is applied first, and then other rules are applied
based on this principle.
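The depth-first comparison for advanced ACL rules and the subset-rule recommendation above, modelled in Python as an added example (not 3Com code or switch syntax). It assumes the narrower wildcard or port range wins each comparison, which this page does not state explicitly; the sample rules and the names `Rule`, `depth_first` and `first_match` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int                # config order
    action: str                 # "permit" or "deny"
    src: str                    # source address
    src_wc: str                 # source wildcard (1 bits are ignored)
    dst: str
    dst_wc: str
    ports: tuple = (0, 65535)   # destination port range, inclusive

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_bits(wildcard):
    """Count ignored bits in a wildcard; fewer bits means a narrower rule."""
    return bin(to_int(wildcard)).count("1")

def depth_first(rules):
    """Source wildcard, then destination wildcard, then port range, then config order.
    Assumption: the narrower value sorts first at each step."""
    return sorted(rules, key=lambda r: (wc_bits(r.src_wc), wc_bits(r.dst_wc),
                                        r.ports[1] - r.ports[0], r.rule_id))

def covers(addr, wildcard, ip):
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(ip) & care)

def first_match(ordered, src_ip, dst_ip, port):
    """Return (rule_id, action) of the first rule that matches, or None."""
    for r in ordered:
        if (covers(r.src, r.src_wc, src_ip) and covers(r.dst, r.dst_wc, dst_ip)
                and r.ports[0] <= port <= r.ports[1]):
            return r.rule_id, r.action
    return None

# Constructed sample ACL: rules 1 and 2 are subsets of rule 0.
ANY = ("0.0.0.0", "255.255.255.255")
RULES = [
    Rule(0, "permit", "10.1.1.0", "0.0.0.255", *ANY),
    Rule(1, "deny", "10.1.1.5", "0.0.0.0", *ANY),
    Rule(2, "deny", "10.1.1.0", "0.0.0.255", "192.168.0.10", "0.0.0.0", (22, 22)),
]

if __name__ == "__main__":
    for name, order in (("config", RULES), ("depth-first", depth_first(RULES))):
        print(name, [r.rule_id for r in order],
              first_match(order, "10.1.1.5", "192.168.0.10", 80))
```

In config order the broad permit (rule 0) matches first and the two deny rules never take effect; in depth-first order the narrower deny rules are evaluated before it.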
ACLs Supported
The switch supports these types of ACLs:
■ Number-based basic ACLs
■ Name-based basic ACLs
■ Number-based advanced ACLs
■ Name-based advanced ACLs
■ Number-based Layer 2 ACLs
■ Name-based Layer 2 ACLs
The requirements for the various ACLs available on the switch are listed in the
following table.
Table 143 Requirements for defining ACLs

| Item | Number range | Maximum number |
| --- | --- | --- |
| Number-based basic ACL | 2000 to 2999 | 1000 |
| Number-based advanced ACL | 3000 to 3999 | 1000 |
| Number-based Layer 2 ACL | 4000 to 4999 | 1000 |
| Name-based basic ACL | - | - |
| Name-based advanced ACL | - | - |
| Name-based Layer 2 ACL | - | - |
| Maximum rules for an ACL | 0 to 127 | 128 |
| Maximum rules for the system | - | 12288 |

Table 144 Max ACL rules that can be activated on different interface cards

| Interface card suffix | MPLS support | Max number of ACL rules supported for each card/interface |
| --- | --- | --- |

B
MPLS not supported
1024
DA
DB
DC