3com 8807 User Guide

CHAPTER 21: ACL CONFIGURATION
configured with any are put to the end and other rules follow configuration order; for 
advanced ACL rules, the switch first compares the wildcards of the source addresses; 
if those are equal, it compares the wildcards of the destination addresses; if those 
are also equal, it compares the port IDs. If the port IDs are also equal, the rules 
follow configuration order.
The user-defined ACL matching order takes effect only when multiple rules of one 
ACL are applied at the same time. For example, an ACL has two rules. If the two 
rules are not applied simultaneously, even if you configure the matching order to 
be depth first, the switch still matches them according to their application order.
If one rule is a subset of another rule in an ACL, it is recommended to apply the 
rules according to the range of the specified packets. The rule with the smallest 
range of the specified data packets is applied first, and then other rules are applied 
based on this principle.
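The depth-first comparison for advanced ACL rules and the advice to apply the narrowest rule first can be checked offline before rules are applied. The Python below is an added example, not code from the 3Com guide or the switch software: the `Rule` fields, helper names and sample rules are constructed, and it assumes that at each comparison step the narrower range (fewer wildcard bits, smaller port range) sorts first.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int        # configuration order (lower = configured earlier)
    action: str
    src: str
    src_wc: str         # wildcard mask: 1 bits are "don't care"
    dst: str
    dst_wc: str
    ports: tuple        # inclusive (low, high) port range

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_bits(mask):
    """Count don't-care bits; fewer bits means a narrower address range."""
    return bin(_int(mask)).count("1")

def depth_first_order(rules):
    # Assumption: the narrower range sorts first (src, dst, ports, then config order).
    return sorted(rules, key=lambda r: (wildcard_bits(r.src_wc), wildcard_bits(r.dst_wc),
                                        r.ports[1] - r.ports[0], r.rule_id))

def covers(addr_a, wc_a, addr_b, wc_b):
    """True if address/wildcard A matches every address that B matches."""
    care = ~_int(wc_a) & 0xFFFFFFFF
    return (_int(wc_b) & care) == 0 and (_int(addr_a) & care) == (_int(addr_b) & care)

def is_subset(inner, outer):
    return (covers(outer.src, outer.src_wc, inner.src, inner.src_wc)
            and covers(outer.dst, outer.dst_wc, inner.dst, inner.dst_wc)
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])

def shadowed(rules_in_order):
    """IDs of rules fully covered by a rule earlier in the given order."""
    return [r.rule_id for i, r in enumerate(rules_in_order)
            if any(is_subset(r, e) for e in rules_in_order[:i])]

# Constructed sample rules, listed in configuration order.
ANY = ("0.0.0.0", "255.255.255.255")
RULES = [
    Rule(0, "permit", "10.1.0.0", "0.0.255.255", *ANY, (0, 65535)),
    Rule(1, "deny", "10.1.1.0", "0.0.0.255", *ANY, (0, 65535)),
    Rule(2, "deny", "10.1.1.0", "0.0.0.255", "192.168.0.10", "0.0.0.0", (23, 23)),
    Rule(3, "permit", "10.1.1.0", "0.0.0.255", "192.168.0.10", "0.0.0.0", (0, 1023)),
]

print([r.rule_id for r in depth_first_order(RULES)], shadowed(RULES))
```

In configuration order the broad rule 0 covers rules 1 to 3, while in the depth-first order no rule is covered by an earlier one.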
ACLs Supported
The switch supports these types of ACLs:
Number-based basic ACLs
Name-based basic ACLs
Number-based advanced ACLs
Name-based advanced ACLs
Number-based Layer 2 ACLs
Name-based Layer 2 ACLs
The requirements for the various ACLs available on the switch are listed in the 
following table.
Table 143   Requirements for defining ACLs
Item                          Number range    Maximum number
Number-based basic ACL        2000 to 2999    1000
Number-based advanced ACL     3000 to 3999    1000
Number-based Layer 2 ACL      4000 to 4999    1000
Name-based basic ACL
Name-based advanced ACL
Name-based Layer 2 ACL
Maximum rules for an ACL      0 to 127        128
Maximum rules for the system  -               12288
Table 144   Max ACL rules that can be activated on different interface cards
Interface card suffix 
MPLS support 
Max number of ACL rules supported for each card/interface 
MPLS not supported 
1024 
DA
DB
DC