IPv4 ACL Naming; IPv4 ACL Match Order - H3C S5810 Series Operation Manual


| Category | ACL number | Matching criteria |
|---|---|---|
| Advanced IPv4 ACL | 3000 to 3999 | Source IP address, destination IP address, protocol carried over IP, and other Layer 3 or Layer 4 protocol header information |
| Ethernet frame header ACL | 4000 to 4999 | Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority, and link layer protocol type |

IPv4 ACL Naming

When creating an IPv4 ACL, you can specify a unique name for it and afterwards identify the ACL by that name.
An IPv4 ACL can have only one name, and naming an ACL is optional. The name can be set only when the ACL is created: after creating an ACL, you cannot specify a name for it, nor can you change or remove its name.
The name of an IPv4 ACL must be unique among IPv4 ACLs. However, an IPv4 ACL and an IPv6 ACL can share the same name.

IPv4 ACL Match Order

An ACL may consist of multiple rules that specify different matching criteria, and these criteria may overlap or conflict. The match order determines the order in which packets are compared against the rules.
Two match orders are available for IPv4 ACLs:
config: Packets are compared against ACL rules in the order the rules are configured.
auto: Packets are compared against ACL rules in the depth-first match order.
The term depth-first match has different meanings for different types of ACLs:
Depth-first match for a basic IPv4 ACL
The following shows how your device performs depth-first match in a basic IPv4 ACL:
1) Sort rules by source IP address wildcard mask and compare packets first against the rule configured with more zeros in the source IP address wildcard (more zeros means a narrower source address range).
2) If two rules have the same number of zeros in their source IP address wildcards, compare packets first against the rule configured first.
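The basic-ACL depth-first ordering above, as an added Python example (not H3C code or device output): it orders a constructed rule set under config and auto and reports which rule a source address hits first. Assumptions: the Rule type, function names and sample addresses are invented for illustration, evaluation stops at the first matching rule, and a packet matching no rule returns None because this page does not state the default action.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    seq: int        # position in configuration order (constructed)
    action: str     # "permit" or "deny"
    source: str     # source IPv4 address
    wildcard: str   # wildcard mask: 0 bits must match, 1 bits are ignored

def _u32(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def zero_bits(wildcard: str) -> int:
    """Number of 0 bits in a 32-bit wildcard mask."""
    return 32 - bin(_u32(wildcard)).count("1")

def ordered(rules, match_order: str):
    """Return the rules in the order packets are compared against them."""
    by_config = sorted(rules, key=lambda r: r.seq)
    if match_order == "config":
        return by_config
    if match_order == "auto":
        # Step 1: more zeros first. Step 2: ties keep configuration
        # order, because sorted() is stable.
        return sorted(by_config, key=lambda r: -zero_bits(r.wildcard))
    raise ValueError(f"unknown match order: {match_order}")

def first_match(rules, match_order: str, src: str) -> Optional[Rule]:
    """First rule whose source/wildcard covers src, or None (assumption)."""
    for r in ordered(rules, match_order):
        care = ~_u32(r.wildcard) & 0xFFFFFFFF   # bits that must match
        if (_u32(src) & care) == (_u32(r.source) & care):
            return r
    return None

# Constructed sample: a broad permit configured before narrower denies.
SAMPLE = [
    Rule(1, "permit", "10.0.0.0", "0.255.255.255"),
    Rule(2, "deny",   "10.1.1.0", "0.0.0.255"),
    Rule(3, "deny",   "10.1.2.0", "0.0.0.255"),
    Rule(4, "deny",   "10.1.1.7", "0.0.0.0"),
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        seqs = [r.seq for r in ordered(SAMPLE, order)]
        hit = first_match(SAMPLE, order, "10.1.1.7")
        print(f"{order:6} order={seqs} 10.1.1.7 -> rule {hit.seq} ({hit.action})")
```

Running both orders over an exported rule set is a quick audit for rules that are shadowed under config order but would take effect under auto.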
