
3Com Switch 4800G 24-Port - Introduction to Ipv4 ACL

3Com Switch 4800G 24-Port
1246 pages
836 CHAPTER 62: ACL OVERVIEW
Note:
- When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not take action according to the traffic behavior definition on a packet that does not match the ACL.
- When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users, the switch denies all packets that do not match the ACL.

Introduction to IPv4 ACL

This section covers these topics:
- IPv4 ACL Classification
- IPv4 ACL Naming
- IPv4 ACL Match Order
- IPv4 ACL Step
- Effective Period of an IPv4 ACL
- IP Fragments Filtering with IPv4 ACL

IPv4 ACL Classification

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 63.

IPv4 ACL Naming

When creating an IPv4 ACL, you can specify a unique name for it. Afterwards, you can identify the ACL by its name.

An IPv4 ACL can have only one name. Naming an ACL is optional. After an ACL is created, you cannot specify a name for it, nor can you change or remove its name.

Note:
The name of an IPv4 ACL must be unique among IPv4 ACLs. However, an IPv4 ACL and an IPv6 ACL can share the same name.

IPv4 ACL Match Order

An ACL consists of multiple rules, each of which specifies different matching criteria. These criteria may overlap or conflict. The match order, that is, the order in which a packet is compared against the rules, determines which rule takes effect in such cases.

Two match orders are available for IPv4 ACLs:
- config: packets are compared against ACL rules in the order in which the rules are configured.
- auto: depth-first match is performed. The term depth-first match has different meanings for different types of ACLs.

Table 63 IPv4 ACL categories

| Category | ACL number | Matching criteria |
|---|---|---|
| Basic IPv4 ACL | 2000 to 2999 | Source IP address |
| Advanced IPv4 ACL | 3000 to 3999 | Source IP address, destination IP address, protocol carried on IP, and other Layer 3 or Layer 4 protocol header information |
| Ethernet frame header ACL | 4000 to 4999 | Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority, and link layer protocol type |
