CHAPTER 7: QOS/ OPERATION

This type of filtering includes ACLs that are used with the QoS function, ACLs used to filter the packets transmitted by the hardware, and so on.

Filtering or Classifying Data Transmitted by Software

An ACL can be used to filter or classify the data transmitted by the software of the switch. The user can determine the match order of an ACL's sub-rules. There are two match-orders: configuration, which follows the user-defined configuration order when matching the rule, and automatic, which follows the depth-first principle.

The depth-first principle puts the statement specifying the smallest range of addresses at the top of the list. For example, 129.102.1.1 0.0.0.0 specifies a host, while 129.102.1.1 0.0.255.255 specifies the network segment 129.102.0.1 through 129.102.255.255. The host is therefore listed first in the access control list. The specific criteria are:

For basic ACL statements, source address wildcards are compared directly. If the wildcards are the same, the configuration sequence is used.

For the ACL based on the interface filter, the rule that is configured is listed at the end, while others follow the configuration sequence.

For the advanced ACL, source address wildcards are compared first. If they are the same, then destination address wildcards are compared. For the same destination address wildcards, ranges of port numbers are compared and the smaller range is listed first. If the port numbers are in the same range, the configuration sequence is used.
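The two match-orders described above, as an added example (not code from the 3Com manual or the switch software): it sorts sub-rules in configuration order or by the depth-first principle and shows that the same two rules give a different verdict for host 129.102.1.1. The `Rule` class, the function names and the sample rules are assumptions, "smallest range" is taken to mean the fewest don't-care bits in the wildcard, and interface-filter ACLs are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                                 # hypothetical model of one sub-rule
    seq: int                                # position in configuration order
    action: str                             # "permit" or "deny"
    src: str
    src_wildcard: str                       # 1 bits are "don't care"
    dst_wildcard: str = "255.255.255.255"   # advanced ACL only
    ports: tuple = (0, 65535)               # advanced ACL only, inclusive

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_bits(mask):
    # Assumption: "smallest range" = fewest don't-care bits in the wildcard.
    return bin(to_int(mask)).count("1")

def depth_first_key(rule):
    # Source wildcard, then destination wildcard, then port-range width,
    # then configuration sequence as the final tie-breaker.
    low, high = rule.ports
    return (wildcard_bits(rule.src_wildcard), wildcard_bits(rule.dst_wildcard),
            high - low, rule.seq)

def order_rules(rules, match_order):
    if match_order == "configuration":
        return sorted(rules, key=lambda r: r.seq)
    if match_order == "automatic":
        return sorted(rules, key=depth_first_key)
    raise ValueError(f"unknown match-order: {match_order}")

def first_match(rules, match_order, src_addr):
    # Returns the action of the first rule whose source matches, or None.
    for rule in order_rules(rules, match_order):
        care = ~to_int(rule.src_wildcard) & 0xFFFFFFFF
        if (to_int(src_addr) & care) == (to_int(rule.src) & care):
            return rule.action
    return None

# Constructed sample: a broad deny typed before a host-specific permit.
BASIC_ACL = [
    Rule(0, "deny", "129.102.1.1", "0.0.255.255"),
    Rule(1, "permit", "129.102.1.1", "0.0.0.0"),
]

if __name__ == "__main__":
    for order in ("configuration", "automatic"):
        print(order, first_match(BASIC_ACL, order, "129.102.1.1"))
```

In configuration order the broad deny shadows the host permit, so reviewing an ACL means reading it in the order the chosen match-order produces, not the order it was typed.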

After you specify the match-order of an access control rule, you cannot modify it later unless you delete all the contents and specify the match-order again.

This type of filtering includes ACLs cited by the route policy function, ACLs used for controlling user logons, and so on.

ACL Support on the Switch 7750

Table 161 lists the categories of ACLs, their value ranges and the maximum number of each ACL on a Switch 7750.

Table 161 Quantitative Limitation to the ACL

| Item | Value range | Maximum |
|---|---|---|
| Numbered basic ACL | 2000 to 2999 | 99 |
| Numbered advanced ACL | 3000 to 3999 | 100 |
| Numbered Layer-2 ACL | 4000 to 4999 | 100 |
| User-defined ACL | 5000 to 5999 | 100 |
| Named basic ACL | - | 1000 |
| Named advanced ACL | - | 1000 |
| Named Layer-2 ACL | - | 1000 |
| The sub items of an ACL | 0 to 127 | 128 |
| Maximum sub items for all ACLs (for a 7-slot chassis) | - | 1536 (with 6 48-port I/O modules installed) |
| Maximum sub items for all ACLs (for 4-slot chassis) | - | 768 (with 3 48-port I/O modules installed) |
| Maximum sub items for all ACLs (for an 8-slot chassis) | - | 1536 (with 6 48-port I/O modules installed) |
