3com 5500-SI Manual Do Utilizador
386
C
HAPTER
20: C
ONFIGURATION
FOR
Q
O
S F
EATURES
[S5500-Ethernet1/0/1] port trunk permit vlan 10
[S5500-Ethernet1/0/1] quit
[S5500] mirroring-group 1 remote-destination
[S5500] mirroring-group 1 monitor-port ethernet1/0/2
[S5500] mirroring-group 1 remote-probe vlan 10
[S5500] display mirroring-group remote-destination
Features of Traffic
Statistics
Statistics
Traffic statistics is employed to count data packets within a specified traffic flow.
Traffic statistics counts data information in the data packets that match a defined
access control list (ACL).
Traffic statistics counts data information in the data packets that match a defined
access control list (ACL).
The newly added features of traffic statistics allow the switch to count data packets
with their action defined as deny in the ACL rules.
with their action defined as deny in the ACL rules.
For detailed configuration regarding traffic statistics, refer to the QoS/ACL part of
3Com Switch 5500 Family Operation Manual.
3Com Switch 5500 Family Operation Manual.
Improving the Depth
First Order of ACL
Matching
First Order of ACL
Matching
The depth first order of ACL matching can be configured by selecting auto option
while defining the ACL matching order.
while defining the ACL matching order.
The priority sequence is determined based on the following rules:
1 Compare the protocol range of the ACL rules first. The range for IP protocol is 0 to
255 and those of other protocols are the same as their protocol numbers. The smaller
the protocol range, the higher the priority.
the protocol range, the higher the priority.
2 Compare the range of source IP addresses. Those with smaller source IP address range
have higher priority.
3 Compare the range of destination IP addresses. Those with smaller destination IP
address range have higher priority.
4 Compare the Layer 4 port numbers (the TCP/UDP port numbers). Those with smaller
range have higher priority.
5 While all the above checks show the same priority, sort according to the configuration
order.
In the new version of the software, improvements have been made based on the
above matching order, as illustrated below.
above matching order, as illustrated below.
■
If rule A is rule B’s proper subset, then rule B has a higher priority.
■
If based on the original matching order, rule A and rule B are the same in all the
following aspects: the range of their protocols, the range of their source IP
address, the range of their destination IP address, and their Layer 4 port numbers,
and furthermore, their numbers of other elements to be considered in deciding
their priority order are also the same, weighting principles will be used in deciding
their priority order.
following aspects: the range of their protocols, the range of their source IP
address, the range of their destination IP address, and their Layer 4 port numbers,
and furthermore, their numbers of other elements to be considered in deciding
their priority order are also the same, weighting principles will be used in deciding
their priority order.
The weighting principles work as follows:
■
Each element is given a fixed weighting value. This weighting value and the value
of the element itself will jointly decide the final matching order.
of the element itself will jointly decide the final matching order.
■
The weighting value for each element ranks in the following descending order:
DSCP, ToS, ICMP, established, VPN-instance, precedence, fragment.
DSCP, ToS, ICMP, established, VPN-instance, precedence, fragment.