3Com Switch 4800G 24-Port Configuration Manual page 837

Switch 4800g family 24-port, pwr 24-port, 48-port, pwr 48-port, 24-port sfp

Depth-first match for a basic IPv4 ACL
The following shows how your switch performs depth-first match in a basic IPv4 ACL:
1 Sort rules by source IP address wildcard first: the rule with more zeros in its source IP address wildcard is compared against packets before the other rules.
2 If two rules have the same number of zeros in their source IP address wildcards, the rule configured first is compared against packets before the other.
Depth-first match for an advanced IPv4 ACL
The following shows how your switch performs depth-first match in an advanced IPv4 ACL:
1 Sort rules by protocol range first: the rule that specifies the protocol carried over IP is compared against packets before the other.
2 If the protocol ranges are the same, look at the source IP address wildcards. The rule with more zeros in its source IP address wildcard is compared against packets before the other.
3 If the numbers of zeros in the source IP address wildcards are the same, look at the destination IP address wildcards. The rule with more zeros in its destination IP address wildcard is compared against packets before the other.
4 If the numbers of zeros in the destination IP address wildcards are the same, look at the Layer 4 port number (TCP/UDP port number). The rule with the lower port number is compared against packets before the other.
5 If the port numbers are the same, the rule configured first is compared against packets before the other.
Depth-first match for an Ethernet frame header ACL
The following shows how your switch performs depth-first match in an Ethernet frame header ACL:
1 Sort rules by source MAC address mask first: the rule with more ones in its source MAC address mask is compared against packets before the other rules.
2 If two rules have the same number of ones in their source MAC address masks, look at the destination MAC address masks. The rule with more ones in its destination MAC address mask is compared against packets before the other.
3 If the numbers of ones in the destination MAC address masks are the same, the rule configured first is compared against packets before the other.
The comparison of a packet against an ACL stops once a match is found. The packet is then processed according to the matching rule.
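The advanced IPv4 ACL ordering and first-match behaviour described above, as an added example (not 3Com code and not part of the original manual): it sorts a rule set depth-first and shows that the same packet can hit a different rule, with a different action, than it would in configuration order. The Rule fields, the sample rules and packets, and the placement of rules without a port after rules that name one are assumptions made for illustration.

```python
from collections import namedtuple
from ipaddress import IPv4Address

# seq = configuration order; proto None = no specific protocol (plain IP);
# *_wc = wildcard (0 bits must match, 1 bits ignored); port None = unspecified.
Rule = namedtuple("Rule", "seq action proto src src_wc dst dst_wc port",
                  defaults=[None])

def zeros(wildcard):
    # Number of zero bits in a 32-bit wildcard: more zeros = narrower rule.
    return 32 - bin(int(IPv4Address(wildcard))).count("1")

def depth_first_key(r):
    # Steps 1-5 of the advanced IPv4 ACL list. Assumption: a rule with no
    # port sorts after rules that name one (the manual page does not say).
    return (r.proto is None, -zeros(r.src_wc), -zeros(r.dst_wc),
            r.port if r.port is not None else 65536, r.seq)

def addr_match(addr, base, wc):
    care = ~int(IPv4Address(wc)) & 0xFFFFFFFF   # bits that must be equal
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def matches(r, pkt):
    return ((r.proto is None or r.proto == pkt["proto"])
            and addr_match(pkt["src"], r.src, r.src_wc)
            and addr_match(pkt["dst"], r.dst, r.dst_wc)
            and (r.port is None or r.port == pkt["port"]))

def evaluate(rules, pkt, depth_first):
    key = depth_first_key if depth_first else (lambda r: r.seq)
    for r in sorted(rules, key=key):
        if matches(r, pkt):          # comparison stops at the first match
            return r.action, r.seq
    return None                      # no rule matched

# Constructed sample rules and packets.
ANY = ("0.0.0.0", "255.255.255.255")
RULES = [
    Rule(0, "permit", None, "10.1.0.0", "0.0.255.255", *ANY),
    Rule(1, "deny", "tcp", "10.1.1.0", "0.0.0.255", "192.0.2.10", "0.0.0.0", 23),
    Rule(2, "permit", "tcp", "10.1.1.5", "0.0.0.0", "192.0.2.0", "0.0.0.255", 23),
]
PKT_A = {"proto": "tcp", "src": "10.1.1.5", "dst": "192.0.2.10", "port": 23}
PKT_B = {"proto": "tcp", "src": "10.1.1.9", "dst": "192.0.2.10", "port": 23}

if __name__ == "__main__":
    for name, pkt in (("A", PKT_A), ("B", PKT_B)):
        print(name, evaluate(RULES, pkt, False), evaluate(RULES, pkt, True))
```

In configuration order the broad permit (rule 0) matches both packets; in depth-first order packet B is denied by rule 1, while packet A is permitted by rule 2 because the source wildcard is compared before the destination wildcard.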
IPv4 ACL Step
Meaning of the step
When defining rules in an IPv4 ACL, you do not have to assign them numbers; the system can do this automatically, and the step defines the increment between two neighboring numbers. For example, with a step of 5, rules are automatically numbered 0, 5, 10, 15, and so on. By default, the step is 5.
Introduction to IPv4 ACL