D-Link xStack DGS-3610 Series User Manual

D-Link xStack DGS-3610 Series
703 pages
Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide
44.6 Configuring Access List ACL80
ACL80, also called the user-defined access list, filters packets by matching against their
first 80 bytes. A packet is a sequence of bytes; ACL80 lets a user select 16 bytes within the
first 80 bytes and match and filter on them bit by bit.
Note
The specified 16 bytes do not include the following fields:
Packet SMAC, DMAC, SIP, DIP, ETYPE, PROTOCOL, L4_SPORT, L4_DPORT, VID.
Besides matching the above fields, you can match 16 bytes
Any of the 16 bytes can be compared with the configured value bit by bit; in other words, any
bit of those 16 bytes can be set to 0 or 1. Two elements govern the filtering of each byte: the
filtering rule and the filter domain template. The bits of the two correspond one to one.
The filtering rule specifies the value of the field to be filtered. The filter domain template
specifies whether each bit of the filtering rule is compared (1 means the corresponding bit of
the filtering rule is matched, 0 means it is not). Therefore, to match a bit, set the
corresponding bit in the filter domain template to 1. If a filter domain template bit is set
to 0, that bit is not matched, whatever the corresponding bit in the filtering rule is.
For example,
DGS-3610(config)# expert access-list advanced name
DGS-3610(config-exp-dacl)# permit 00d0f8123456 ffffffffffff 0
DGS-3610(config-exp-dacl)# deny 00d0f8654321 ffffffffffff 6
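The bit-level comparison described above, as an added example (not code from the manual or from D-Link). It assumes each rule reads as value, filter domain template, byte offset, and that rules are evaluated top-down with the first match winning; the function names and the test frames are constructed for illustration.

```python
# Added illustration of ACL80 value/template matching; not D-Link code.
# Assumption: each rule is <value> <template> <byte offset>, first match wins.

MAX_FIELD = 16   # the page: at most 16 bytes are matched
WINDOW = 80      # the page: only the first 80 bytes are inspected


def field_matches(frame: bytes, value_hex: str, template_hex: str, offset: int) -> bool:
    """True if the frame equals the value on every bit the template sets to 1."""
    value = bytes.fromhex(value_hex)
    template = bytes.fromhex(template_hex)
    if len(value) != len(template):
        raise ValueError("value and template must be the same length")
    if not 1 <= len(value) <= MAX_FIELD:
        raise ValueError("field must be 1 to 16 bytes")
    if offset < 0 or offset + len(value) > WINDOW:
        raise ValueError("field must lie inside the first 80 bytes")
    window = frame[offset:offset + len(value)]
    if len(window) < len(value):
        return False  # frame too short to contain the field
    # Template bit 1: compare. Template bit 0: the rule bit is ignored.
    return all(((f ^ v) & t) == 0 for f, v, t in zip(window, value, template))


def evaluate(frame: bytes, rules):
    """Return the action of the first matching rule, or None if none match."""
    for action, value_hex, template_hex, offset in rules:
        if field_matches(frame, value_hex, template_hex, offset):
            return action
    return None


# The two rules from the page's example.
PAGE_RULES = [
    ("permit", "00d0f8123456", "ffffffffffff", 0),
    ("deny", "00d0f8654321", "ffffffffffff", 6),
]


def make_frame(dmac: str, smac: str) -> bytes:
    """Constructed test frame: DMAC, SMAC, EtherType 0x0800, zero padded to 64 bytes."""
    return (bytes.fromhex(dmac) + bytes.fromhex(smac) + b"\x08\x00").ljust(64, b"\x00")
```

A template of `ffffff000000` at offset 0 compares only the first three bytes of the field, and a one-byte template of `01` compares a single bit.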
The user-defined access control list matches any byte in the first 80 bytes of a layer-2 data
frame according to the user's definitions, and then processes the packet accordingly. Using
the user-defined access control list correctly requires in-depth knowledge of the structure
of the layer-2 data frame. The following illustrates the first 64 bytes of a layer-2 data frame
(each letter represents one hexadecimal digit, and each pair of letters represents one
byte).
AA AA AA AA AA AA BB BB BB BB BB BB CC CC DD DD
DD DD EE FF GG HH HH HH II II JJ KK LL LL MM MM
NN NN OO PP QQ QQ RR RR RR RR SS SS SS SS TT TT
UU UU VV VV VV VV WW WW WW WW XY ZZ aa aa bb bb
In the figure above, the meaning of each letter and the value of offset are shown below:
Letter  Meaning                  Offset    Letter  Meaning      Offset
A       Destination MAC          0         O       TTL field    34
B       Source MAC               6         P       Protocol ID  35
C       Data frame length field  12        Q       IP checksum  36
