UTStarcom iSpirit 3026 Manual page 118

access-list 1 deny 192.168.0.0 0.0.255.255－regulation 1
access-list 1 permit 192.168.1.0 0.0.0.255－regulation 2
Hereunder referred as regulation 1 and regulation 2
Both of these regulations are conflicted: address of regulation 2 is included in that of regulation 1,
and one is "deny", and the other is s"permit". Different command has different results based on
ACL filtration principle. If you want to realize the aforesaid requests, the command of these two
regulations must be as follows: regulation 1 should be arranged in the very front but regulation 2
should be arranged in the last. iSpirit 3026 has automatically realize the aforesaid command
function, no matter what command that user configure the aforesaid regulations, regulation 1 will
be arranged in front of regulation 2. When there is an address packet whose source address is
192.168.1.1 needs to be forwarded, please firstly compare the first regulation, and then compare
the second regulation, the latter regulation will be valid (can be tranferred) only after these two
regulations are well matched; if the source address is 192.168.0.1 only the first the regulation is
well matched please deny it (cannot be tranferred). If there are not arranged, user maybe firstly
configure the regulation 2 and then configure regulation 1, so regulation 1 will be arranged in the
last but regulation 1 will be in the front.
access-list 1 permit 192.168.1.0 0.0.0.255 －regulation 2
access-list 1 deny 192.168.0.0 0.0.255.255 －regulation 1
For the latter regulation 1 has included the regulation 2, so following condition will be caused:
data packet matched with regulation 2 also is well matched with regulation 1 that will be always
valid, but required demands will not be achieved.
For iSpirit 3026, '0.0.255.255' is Wildcard bits, bits being "1" indicates that it needs not to be
matched, but being "0" indicates that it needs to be matched. From which you may learn that
Wildcard bits of regulation 1 is '0.0.255.255', and it needs to be matched with 2 bytes (16 bits);
for regulation 2 Wildcard bits is '0 0.0.0.255', and it needs to be matched with 3 bytes (24 bits);
"range" of regulation 1 is larger, so it will be arranged in the front. In extended IP more regulation
fields should be considered, e.g. IP protocol type and communiation ports etc. All their command
regulations are the same, i.e. the more restrictions there are the range is smaller, instead it will
be larger. Arrangement of regulation will be realized in background, user's command can only be
shown according to commands of user's configuration.
Filtration field supported by ACL includes resource MAC address, purpose MAC address, ，
VLANID, protocol type (e.g IP,ARP), resource IP, purpose IP, IP protocol type (e.g. TCP, UDP,