3
By introducing a gap between rules rather than contiguously numbering rules, you have the flexibility
of inserting rules in an ACL. This feature is important for a config-order ACL, where ACL rules are
matched in ascending order of rule ID.
Automatic rule numbering and renumbering
The ID automatically assigned to an ACL rule takes the nearest higher multiple of the numbering step
to the current highest rule ID, starting with 0.
For example, if the step is 5, and there are five rules numbered 0, 5, 9, 10, and 12, the newly defined
rule is numbered 15. If the ACL does not contain a rule, the first rule is numbered 0.
Whenever the step changes, the rules are renumbered, starting from 0. For example, changing the
step from 5 to 2 renumbers rules 5, 10, 13, and 15 as rules 0, 2, 4, and 6.
Fragments filtering with ACLs
Traditional packet filtering matches only first fragments of packets, and al lows all subsequent
non-first fragments to pass through. Attackers can fabricate non-first fragments to attack networks.
To avoid the risks, the ACL feature is designed as follows:
• Filters all fragments by default, including non-first fragments.
• Allows for matching criteria modification for efficiency. For example, you can configure the ACL
to filter only non-first fragments.
Compatibility information
Feature and hardware compatibility
WX1800H series
WX1804H
WX1810H
WX1820H
Yes
WX2500H series
WX2510H
WX2540H
WX2560H
Yes
WX3000H series
WX3010H
WX3010H-L
WX3010H-X
WX3024H
WX3024H-L
Yes:
• WX3010H
• WX3010H-X
• WX3024H
No:
• WX3010H-L
• WX3024H-L
WX3500H series
WX3508H
WX3510H
WX3520H
WX3540H
Yes
WX5500E series
WX5510E
WX5540E
Yes
WX5500H series WX5540H Yes
To Next Page
Loading...
