IPv4 ACL Step - H3C S7500E Series Operation Manual

Operation Manual – ACL
H3C S7500E Series Ethernet Switches
2) If two rules are present with VPN instances, look at the protocol range as well.
Then compare packets against the rule that specifies the protocol carried over IP
before the other.
3) If the protocol ranges are the same, look at the source IP address wildcards. Then
compare packets against the rule configured with more zeros in the source IP
address wildcard before the other.
4) If the numbers of zeros in the source IP address wildcards are the same, look at
the destination IP address wildcards. Then compare packets against the rule
configured with more zeros in the destination IP address wildcard before the
other.
5) If the numbers of zeros in the destination IP address wildcards are the same, look
at the Layer 4 port number (TCP/UDP port number). Then compare packets
against the rule configured with the lower port number before the other.
6) If the port numbers are the same, compare packets against the rule configured
first before the other.
III. Depth-first match for an Ethernet frame header ACL
The following shows how your switch performs depth-first match in an Ethernet frame
header ACL:
1) Sort rules by source MAC address mask first and compare packets against the
rule configured with more ones in the source MAC address mask before other
rules.
2) If two rules are present with the same number of ones in their source MAC
address masks, look at the destination MAC address masks. Then compare
packets against the rule configured with more ones in the destination MAC
address mask before the other.
3) If the numbers of ones in the destination MAC address masks are the same, the
one configured first is compared before the other.
The comparison of a packet against an ACL stops once a match is found. The packet is
then processed as per the rule.
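
The Ethernet frame header depth-first ordering above, as an added example that is not from the H3C manual or the switch software: it sorts rules by steps 1) to 3) and shows that the first-match verdict can differ from configuration order. The rules, addresses and function names are constructed, and the code assumes a 1 bit in a mask means the corresponding address bit is compared.

```python
from dataclasses import dataclass

def mac_to_int(mac):
    # Accepts xxxx-xxxx-xxxx or xx:xx:xx:xx:xx:xx notation.
    return int(mac.replace("-", "").replace(":", ""), 16)

@dataclass(frozen=True)
class Rule:
    seq: int        # configuration order (0 = configured first)
    action: str     # "permit" or "deny"
    src: str
    src_mask: str   # assumption: 1 bit = this address bit is compared
    dst: str
    dst_mask: str

def ones(mask):
    return bin(mac_to_int(mask)).count("1")

def depth_first(rules):
    # Step 1: more ones in the source mask first; step 2: more ones in the
    # destination mask; step 3: the rule configured first wins the tie.
    return sorted(rules, key=lambda r: (-ones(r.src_mask), -ones(r.dst_mask), r.seq))

def covers(addr, mask, value):
    m = mac_to_int(mask)
    return mac_to_int(addr) & m == mac_to_int(value) & m

def evaluate(ordered, src, dst):
    # Comparison stops at the first rule that matches both addresses.
    for r in ordered:
        if covers(r.src, r.src_mask, src) and covers(r.dst, r.dst_mask, dst):
            return r
    return None

def verdict(rules, src, dst):
    hit = evaluate(rules, src, dst)
    return hit.action if hit else "no-match"

# Constructed sample rules (not from the manual): a broad permit configured
# before two narrower denies.
ANY = "0000-0000-0000"
RULES = [
    Rule(0, "permit", "0011-2200-0000", "ffff-ff00-0000", ANY, ANY),
    Rule(1, "deny", "0011-2233-4455", "ffff-ffff-ffff", ANY, ANY),
    Rule(2, "deny", "0011-2200-0000", "ffff-ff00-0000", "00aa-bbcc-ddee", "ffff-ffff-ffff"),
]

if __name__ == "__main__":
    for name, order in (("config", RULES), ("depth-first", depth_first(RULES))):
        print(name, [r.seq for r in order], verdict(order, "0011-2233-4455", "0000-0000-0001"))
```

When auditing an ACL that uses depth-first match, review the sorted order rather than the order in which the rules were entered.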

1.2.4 IPv4 ACL Step

I. Meaning of the step
When defining rules in an IPv4 ACL, you do not necessarily assign them numbers; the
system can do this automatically, and the step defines the increment between two
neighboring numbers. For example, with a step of 5, rules are automatically numbered
0, 5, 10, 15, and so on. By default, the step is 5.
Whenever the step changes, the rules are renumbered. Continuing with the above
example, if you change the step from 5 to 2, the rules are renumbered 0, 2, 4, 6, and so
on.
Chapter 1 ACL Overview

This manual is also suitable for:

S7502e, S7503e, S7506e, S7510e, S7506e-v