130 CHAPTER 7: ACL CONFIGURATION
The depth-first principle is to put the statement specifying the smallest range of
packets on the top of the list. This can be implemented through comparing the
wildcards of the addresses. The smaller the wildcard is, the less hosts it can specify.
For example, 129.102.1.1 0.0.0.0 specifies a host, while 129.102.1.1 0.0.255.255
specifies a network segment, 129.102.0.1 through 129.102.255.255. Obviously,
the former one is listed ahead in the access control list.
The specific standard is as follows.
For basic access control list statements, compare the source address wildcards
directly. If the wildcards are the same, follow the configuration sequence.
For the advanced access control list, compare the source address wildcards first. If
they are the same, then compare the destination address wildcards. For the same
destination address wildcards, compare the ranges of port numbers, the one with
the smaller range is listed ahead. If the port numbers are in the same range, follow
the configuration sequence.
ACL Supported by the
Switch
The table below lists the limits to the numbers of different types of ACL on a
Switch.
Table 127 Quantitative Limitation to the ACL
Configuring ACL ACL configuration includes:
â– Defining ACL
â– Activating ACL
The above steps must be done in sequence. Define the ACL (using the defined
time range in the definition), then activate the ACL to validate it.
Defining ACL The Switch 4500 supports several types of ACL. This section introduces how to
define these ACLs.
Defining ACL by following the steps below:
1 Enter the corresponding ACL view.
2 Add a rule to the ACL.
You can add multiple rules to one ACL.
â– If a specific time range is not defined, the ACL will always function after
activated.
â– During the process of defining the ACL, you can use the rule command several
times to define multiple rules for an ACL.
Item Value range
Numbered basic ACL. 2000 to 2999
Numbered advanced ACL. 3000 to 3999
Numbered Layer-2 ACL. 4000 to 4999
Numbered user-defined ACL. 5000 to 5999
The sub items of an ACL 0 to 65534
To Next Page
Loading...
Need help?
General