CHAPTER 7: QOS/ OPERATION

To define the ACL:

1. Enter the corresponding ACL view

2. Add a rule to the ACL

You can add multiple rules to one ACL.

If a specific time range is not defined, the ACL functions after it is activated.

During the process of defining the ACL, you can use the rule command several times to define multiple rules for an ACL.

If an ACL is used to filter or classify the data transmitted by the switch hardware, the match order defined in the acl command is ignored. If an ACL is used to filter or classify the data processed by the switch software, you can determine the match order for the ACL sub-rules. After you specify the match-order of an ACL rule, you cannot modify it later.

The default matching-order of ACL follows the order that is configured by the user.

Tasks for defining an ACL are described in the following sections:

Defining a Basic ACL

Define an Advanced ACL

Defining a Layer-2 ACL

Defining a Basic ACL

The rules of the basic ACL are defined on the basis of the Layer 3 source IP address to analyze the data packets.

Perform the following configuration in the designated view.

Table 164 Define Basic ACL

Operation: Enter basic ACL view (from system view)
Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from basic ACL view)
Command: rule [ rule-id ] { permit | deny } [ source source-addr wildcard | any ] [ fragment ] [ time-range name ]

Operation: Delete a sub-item from the ACL (from basic ACL view)
Command: undo rule rule-id [ source ] [ fragment ] [ time-range ]

Operation: Delete one ACL or all the ACL (from system view)
Command: undo acl { number acl-number | name acl-name | all }

A basic ACL is defined by numbers from 2000 to 2999.
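The following Python audit helper is an added example, not part of the 3Com manual or its software. It parses basic ACL lines in the syntax of Table 164, checks the 2000 to 2999 number range, and reports which rule a source address hits and which rules can never be reached. It assumes explicit rule ids, no fragment or time-range keywords, wildcard bits set to 1 meaning "ignore this bit", and first-match evaluation in configured order; the function names and the sample ACL are constructed for illustration.

```python
import ipaddress
import re

MASK32 = 0xFFFFFFFF
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(any|\S+\s+\S+))?$")

def parse_basic_acl(text):
    """Parse 'acl number N' plus 'rule ...' lines into (N, [(id, action, addr, wildcard)])."""
    number, rules = None, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        head = re.match(r"acl number (\d+)", line)
        if head:
            number = int(head.group(1))
            if not 2000 <= number <= 2999:
                raise ValueError(f"{number} is outside the basic ACL range 2000-2999")
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported line: {line!r}")
        rule_id, action, src = int(m.group(1)), m.group(2), m.group(3)
        if src in (None, "any"):
            addr, wild = 0, MASK32  # a missing source clause is treated as "any" (assumption)
        else:
            addr, wild = (int(ipaddress.IPv4Address(p)) for p in src.split())
        rules.append((rule_id, action, addr, wild))
    return number, rules

def matches(rule, ip):
    """Wildcard bits set to 1 are ignored; every other bit must equal the rule address."""
    _, _, addr, wild = rule
    return (int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & MASK32 == 0

def first_match(rules, ip):
    """Configured order, first matching rule decides; None when no rule matches."""
    return next(((r[0], r[1]) for r in rules if matches(r, ip)), None)

def shadowed(rules):
    """Ids of rules fully covered by an earlier rule, so they can never be hit."""
    return [jid for j, (jid, _, jaddr, jwild) in enumerate(rules)
            if any(jwild & ~iw & MASK32 == 0 and (ia ^ jaddr) & ~iw & MASK32 == 0
                   for _, _, ia, iw in rules[:j])]

# Constructed sample: the deny for one host sits after a permit for its whole subnet.
SAMPLE = """acl number 2000 match-order config
rule 0 permit source 10.1.1.0 0.0.0.255
rule 1 deny source 10.1.1.66 0.0.0.0
rule 2 deny source any
"""
```

On the sample, rule 1 is reported as shadowed: the host it is meant to block is permitted by rule 0 first, which is the kind of ordering mistake worth checking before an ACL is activated.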

Define an Advanced ACL

The classification rules for an advanced ACL are defined on the basis of attributes such as the source and destination IP address, the TCP or UDP port number in use, and the packet priority, and are used to process the data packets. The advanced ACL supports the analysis of three kinds of packet priority: ToS (Type of Service), IP, and DSCP.
