Setting A Time Range - Edge-Core ECS4110-28T Management Manual

28/52-port gigabit ethernet layer 2+ switch

Hide thumbs Also See for ECS4110-28T:

Installation manual (50 pages)

Quick start manual (6 pages)

Table of Contents

precisely determined. It depends on the amount of hardware resources

reserved at runtime for this purpose.

Auto ACE Compression is a software feature used to compress all the

ACEs of an ACL to utilize hardware resources more efficiency. Without

compression, one ACE would occupy a fixed number of entries in TCAM.

So if one ACL includes 25 ACEs, the ACL would need (25 * n) entries in

TCAM, where "n" is the fixed number of TCAM entries needed for one

ACE. When compression is employed, before writing the ACE into

TCAM, the software compresses the ACEs to reduce the number of

required TCAM entries. For example, one ACL may include 128 ACEs

which classify a continuous IP address range like 192.168.1.0~255. If

compression is disabled, the ACL would occupy (128*n) entries of

TCAM, using up nearly all of the hardware resources. When using

compression, the 128 ACEs are compressed into one ACE classifying

the IP address as 192.168.1.0/24, which requires only "n" entries in

TCAM. The above example is an ideal case for compression. The worst

case would be if no any ACE can be compressed, in which case the used

number of TCAM entries would be the same as without compression. It

would also require more time to process the ACEs.

The order in which active ACLs are checked is as follows:

User-defined rules in IP and MAC ACLs for ingress or egress ports are

checked in parallel.

Rules within an ACL are checked in the configured order, from top to

If the result of checking an IP ACL is to permit a packet, but the result

of a MAC ACL on the same packet is to deny it, the packet will be

denied (because the decision to deny a packet has a higher priority for

security reasons). A packet will also be denied if the IP ACL denies it

and the MAC ACL accepts it.

Use the Security > ACL (Configure Time Range) page to sets a time range

during which ACL functions are applied.

"Time Range" on page 782

If both an absolute rule and one or more periodic rules are configured for

the same time range (i.e., named entry), that entry will only take effect if

the current time is within the absolute time range and one of the periodic

time ranges.

| Security Measures

Access Control Lists

Show Quick Links

Quick Links:
Connecting to the Switch

Chapters

Table of Contents

Ecs4110-28p Ecs4110-52t Ecs4110-52p

Setting A Time Range - Edge-Core ECS4110-28T Management Manual

Hide quick links:

Chapters

Related Manuals for Edge-Core ECS4110-28T

Related Content for Edge-Core ECS4110-28T

This manual is also suitable for:

Table of Contents