Ipv6 Acl Step; Effective Period Of An Ipv6 Acl - H3C S7500E Series Operation Manual
S7500e series
Hide thumbs
Also See for H3C S7500E Series:
- Command manual (1565 pages) ,
- Command reference manual (368 pages) ,
- Installation manual (182 pages)
Table of Contents
Advertisement
Operation Manual – ACL
H3C S7500E Series Ethernet Switches
II. Depth-first match for an advanced IPv6 ACL
The following shows how your switch performs depth-first match in an advanced IPv6
ACL:
1)
Sort rules by protocol range first, and compare packets against the rule with the
protocol carried on IPv6 specified prior to other rules.
2)
If two rules are present with the same protocol range, look at source IPv6 address
wildcard in addition. Then, compare packets against the rule configured with a
larger prefix length in the source IPv6 address wildcard prior to the other.
3)
If the prefix lengths in the source IPv6 address wildcards are the same, look at the
destination IPv6 address wildcards. Then, compare packets against the rule
configured with a larger prefix length in the destination IPv6 address wildcard prior
to the other.
4)
If the prefix lengths in the destination IPv6 address wildcards are the same, look at
the Layer 4 port number (TCP/UDP port number). Then compare packets against
the rule configured with the lower port number prior to the other.
5)
If the port numbers are the same, compare packets against the rule configured
first prior to the other.
The comparison of a packet against an ACL stops once a match is found. The packet is
then processed as per the rule.
1.3.4 IPv6 ACL Step
Refer to
1.3.5 Effective Period of an IPv6 ACL
Refer to
IPv4 ACL
Step.
Effective Period of an IPv4
ACL.
1-7
Chapter 1 ACL Overview
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
