Configuring Time Ranges - 3Com 4200G 12-Port Configuration Manual
4200g series switch
Hide thumbs
Also See for 4200G 12-Port:
- Configuration manual (730 pages) ,
- Getting started manual (104 pages) ,
- Quick reference manual (43 pages)
Table of Contents
Advertisement
202
C
26: ACL C
HAPTER
ACL Match Order
ACLs Based on Time
Ranges
Types of ACLs Supported
by the Ethernet Switch
Configuring Time
Ranges
ONFIGURATION
An ACL may contain a number of rules, and each rule specifies a different packet
range. This brings about the issue of match order when packets are matched.
An ACL supports the following four types of match orders:
Configured order: ACL rules are matched according to the configured order.
■
Automatic ordering: ACL rules are matched according to "depth-first" order.
■
"Depth-first" order is described as follows:
The "depth-first" ordering of rules in IP ACLs (basic and advanced ACLs) is
■
implemented based on the lengths of the source IP address masks and the
destination IP address masks. The rule with the longest masks is first matched, and
then comes the rule with the second longest masks, and so on. In the ordering,
the lengths of the source IP address masks are compared first; if the source IP
address masks have the same length, the lengths of the destination IP address
masks are compared. For example, the rule of which the source IP address mask is
255.255.255.0 precedes the rule of which the source IP address mask is
255.255.0.0 in the match order.
A Time-range-based ACL enables you to implement ACL control over packets by
differentiating the time ranges.
A time range can be specified in each rule in an ACL. If the time range specified in a
rule is not configured, the system will give a prompt message and allow the rule to be
successfully created. However, the rule does not take effect immediately. It takes
effect only when the specified time range is configured and the system time is within
the time range.
There is no hardware clock on the 4200G. The date and time will be reset to 23:55:00
2000/04/01 when the system is rebooted or power cycled. If you are using time based
ACLs, the clock must be set using the clock command in user view after a reboot or
power cycle. In an environment that requires exact time, you must use NTP (Network
Time Protocol) to obtain and set the current date and time of the Ethernet switch.
The following types of ACLs are supported by the Ethernet switch:
Basic ACL
■
Advanced ACL
■
Layer 2 ACL
■
A number of time sections can be configured under the same time range name, and
there is an "OR" relationship among these sections.
The time range configuration tasks include configuring periodic time sections and
configuring absolute time sections. A periodic time section appears as a period of
time in a day of the week, while an absolute time section appears in the form of "the
start time to the end time".
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
