Introduction to IPv4 ACL - 3Com Switch 4800G 24-Port Configuration Manual

Switch 4800G Family: 24-Port, PWR 24-Port, 48-Port, PWR 48-Port, 24-Port SFP
Chapter 62: ACL Overview

Note:
- When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not apply the traffic behavior definition to a packet that does not match the ACL.
- When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users, the switch denies all packets that do not match the ACL.

Introduction to IPv4 ACL

This section covers these topics:
- "IPv4 ACL Classification"
- "IPv4 ACL Naming"
- "IPv4 ACL Match Order"
- "IPv4 ACL Step"
- "Effective Period of an IPv4 ACL"
- "IP Fragments Filtering with IPv4 ACL"

IPv4 ACL Classification

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 63.

Table 63 IPv4 ACL categories

| Category | ACL number | Matching criteria |
|---|---|---|
| Basic IPv4 ACL | 2000 to 2999 | Source IP address |
| Advanced IPv4 ACL | 3000 to 3999 | Source IP address, destination IP address, protocol carried on IP, and other Layer 3 or Layer 4 protocol header information |
| Ethernet frame header ACL | 4000 to 4999 | Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority, and link layer protocol type |

IPv4 ACL Naming

When creating an IPv4 ACL, you can specify a unique name for it. Afterwards, you can identify the ACL by its name.

An IPv4 ACL can have only one name. Naming an ACL is optional. After an ACL has been created, you cannot specify a name for it, nor can you change or remove its name.

Note: The name of an IPv4 ACL must be unique among IPv4 ACLs. However, an IPv4 ACL and an IPv6 ACL can share the same name.

IPv4 ACL Match Order

An ACL consists of multiple rules, each of which specifies different matching criteria. These criteria may overlap or conflict with one another, so the order in which a packet is compared against the rules determines which rule takes effect.

Two match orders are available for IPv4 ACLs:
- config: packets are compared against ACL rules in the order in which the rules are configured.
- auto: depth-first match is performed. The term depth-first match has different meanings for different types of ACLs.
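The following added example (not code from the 3Com manual) models a basic IPv4 ACL to show how the two match orders described above can give different verdicts for the same packet when rules overlap, and how an unmatched packet is denied when the ACL controls login users. It assumes that depth-first for a basic ACL means the rule with the narrowest source range (fewest wildcard 1-bits) is compared first, with ties kept in configuration order; this page does not define it. The rule text format and all function names are hypothetical.

```python
import ipaddress

def parse_rule(text):
    """Parse a constructed rule line: '<permit|deny> <source> <wildcard>'."""
    action, src, wildcard = text.split()
    return {"action": action,
            "src": int(ipaddress.IPv4Address(src)),
            "wild": int(ipaddress.IPv4Address(wildcard))}

def matches(rule, packet_src):
    # Wildcard mask: 0 bits must match, 1 bits are "don't care".
    care = ~rule["wild"] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(packet_src)) & care) == (rule["src"] & care)

def ordered(rules, match_order):
    if match_order == "config":
        return list(rules)
    if match_order == "auto":
        # Assumed depth-first for a basic ACL: narrowest source range first
        # (fewest wildcard 1-bits); sorted() is stable, so ties keep config order.
        return sorted(rules, key=lambda r: bin(r["wild"]).count("1"))
    raise ValueError(match_order)

def evaluate(rules, packet_src, match_order="config"):
    """Return the action of the first matching rule, or None if no rule matches."""
    for rule in ordered(rules, match_order):
        if matches(rule, packet_src):
            return rule["action"]
    return None

def login_allowed(rules, packet_src, match_order="config"):
    # Software use (Telnet, SNMP, Web login): no match is treated as deny.
    return evaluate(rules, packet_src, match_order) == "permit"

# Constructed sample: a broad permit configured before a narrower deny.
RULES = [parse_rule(line) for line in (
    "permit 10.1.0.0 0.0.255.255",
    "deny 10.1.1.0 0.0.0.255",
)]

if __name__ == "__main__":
    for src in ("10.1.1.7", "10.1.2.7", "192.0.2.9"):
        print(src, evaluate(RULES, src, "config"), evaluate(RULES, src, "auto"),
              login_allowed(RULES, src, "auto"))
```

With config order the broad permit shadows the narrower deny for 10.1.1.7, so reviewing an ACL means reading its rules in the order the switch will compare them.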
