EasyManuals Logo

H3C S3600 Series User Manual

H3C S3600 Series
966 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #630 background imageLoading...
Page #630 background image
Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
1-2
z auto, where the rules in an ACL are matched in the order determined by the
system, namely the “depth-first” order.
When applying ACLs in this way, you can specify the order in which the rules in the ACL
are matched. The matching order cannot be modified once it is determined unless you
delete all the rules in the ACL.
An ACL is referenced by an upper-layer module when it is
z Referenced by route policies
z Used to control login users
1.1.2 ACL Matching Order
An ACL can contain multiple rules, each of which matches specific type of packets. So
the order in which the rules of an ACL are matched needs to be determined.
The order in which the rules of an ACL are matched can be:
z The order the rules are created.
z The order determined by the system. In this case, the rues are matched according
to the “depth-first” rule.
With the depth-first rule adopted, the rules of an ACL are matched according to:
1) Protocol range. The range for IP is 1 to 255 and those of other protocols are their
protocol numbers. The smaller the protocol range, the higher the priority.
2) Range of source IP address. The smaller the source IP address range (that is, the
longer the mask), the higher the priority.
3) Range of destination IP address. The smaller the destination IP address range
(that is, the longer the mask), the higher the priority.
4) Range of Layer 4 port number, that is, of TCP/UDP port number. The smaller the
range, the higher the priority.
If rule A and rule B are the same in all the four ACEs (access control elements) above,
and also in their numbers of other ACEs to be considered in deciding their priority order,
the weighting principles will be used in deciding their priority order, as listed below.
z Each ACE is given a fixed weighting value. This weighting value and the value of
the ACE itself will jointly decide the final matching order.
z The weighting values of ACEs rank in the following descending order: DSCP, ToS,
ICMP, established, precedence, fragment.
z A fixed weighting value is deducted from the weighting value of each ACE of the
rule. The smaller the weighting value left, the higher the priority.
z If the number and type of ACEs are the same for multiple rules, then the sum of
ACE values of a rule determines its priority. The smaller the sum, the higher the
priority.

Table of Contents

Other manuals for H3C S3600 Series

Preview: Command Manual
Command Manual1277 pages
Preview: Installation Manual
Installation Manual98 pages
Preview: Datasheet
Datasheet10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S3600 Series and is the answer not in the manual?

H3C S3600 Series Specifications

General IconGeneral
BrandH3C
ModelS3600 Series
CategorySwitch
LanguageEnglish

Related product manuals