Cisco 7609 User Manual

23-3
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter 23 Configuring Network Security
• Flows that require logging are processed in software without impacting nonlogged flow processing in hardware.
• The forwarding rate for software-processed flows is substantially less than for hardware-processed flows.
• When you enter the show ip access-list command, the match count displayed does not include packets processed in hardware.
Guidelines and Restrictions for Using Layer 4 Operators in ACLs
These sections describe guidelines and restrictions when configuring ACLs that include Layer 4 port operations:
• Determining Layer 4 Operation Usage, page 23-3
• Determining Logical Operation Unit Usage, page 23-4
Determining Layer 4 Operation Usage
You can specify these types of operations:
• gt (greater than)
• lt (less than)
• neq (not equal)
• eq (equal)
• range (inclusive range)
We recommend that you do not specify more than nine different operations on the same ACL. If you
exceed this number, each new operation might cause the affected ACE to be translated into more than
one ACE.
Use the following two guidelines to determine Layer 4 operation usage:
• Layer 4 operations are considered different if the operator or the operand differ. For example, in this ACL there are three different Layer 4 operations (gt 10 and gt 11 are considered two different Layer 4 operations):
    ... gt 10 permit
    ... lt 9 deny
    ... gt 11 deny
  Note: There is no limit to the use of eq operators as the eq operator does not use a logical operator unit (LOU) or a Layer 4 operation bit. See the "Determining Logical Operation Unit Usage" section on page 23-4 for a description of LOUs.
• Layer 4 operations are considered different if the same operator/operand couple applies once to a source port and once to a destination port. For example, in this ACL there are two different Layer 4 operations because one ACE applies to the source port and one applies to the destination port.
    ... Src gt 10 ...
    ... Dst gt 10
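The two counting guidelines above, applied to a configuration: this is an added example, not part of the Cisco guide, that counts the different Layer 4 operations in each numbered extended ACL and reports any ACL above the recommended nine. The function names and the sample ACL are constructed for illustration. It assumes that the same operation under tcp and udp counts once and that port names and numbers are compared as written.

```python
from collections import defaultdict

# Operand count per operator; the operator list is the one given in the guide.
OPERATORS = {"gt": 1, "lt": 1, "neq": 1, "eq": 1, "range": 2}
RECOMMENDED_MAX = 9  # recommended maximum of different operations per ACL

# Constructed sample input (not from the guide).
SAMPLE_ACL = """\
access-list 101 permit tcp any any gt 10
access-list 101 deny tcp any any lt 9
access-list 101 deny tcp any any gt 11
access-list 101 permit tcp any gt 10 any
access-list 101 permit tcp any any eq 80
access-list 101 permit udp host 10.0.0.1 any range 5000 5010
access-list 101 deny tcp 10.0.0.0 0.0.0.255 any gt 10
"""

def _skip_address(tok, i):
    """Step past one address spec: 'any', 'host A' or 'A WILDCARD'."""
    return i + 1 if i < len(tok) and tok[i] == "any" else i + 2

def _port_op(tok, i, side):
    """Return ((side, operator, operands), next index), or (None, i)."""
    if i < len(tok) and tok[i] in OPERATORS:
        end = i + 1 + OPERATORS[tok[i]]
        return (side, tok[i], tuple(tok[i + 1:end])), end
    return None, i

def layer4_operations(config_text):
    """Map ACL number -> set of different Layer 4 operations it uses."""
    acls = defaultdict(set)
    for line in config_text.splitlines():
        tok = line.split()
        # Assumption: numbered extended ACEs; only tcp/udp carry port operators.
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] not in ("tcp", "udp"):
            continue
        src, i = _port_op(tok, _skip_address(tok, 4), "src")
        dst, _ = _port_op(tok, _skip_address(tok, i), "dst")
        # eq is excluded: the guide says it uses no LOU or Layer 4 operation bit.
        acls[tok[1]].update(op for op in (src, dst) if op and op[1] != "eq")
    return dict(acls)

def over_recommended(config_text):
    """ACL numbers using more than the recommended number of operations."""
    found = layer4_operations(config_text)
    return sorted(n for n, ops in found.items() if len(ops) > RECOMMENDED_MAX)

if __name__ == "__main__":
    for number, ops in layer4_operations(SAMPLE_ACL).items():
        print(number, len(ops), sorted(ops))
```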
