Operation Manual - QoS/ACL
Quidway S6500 Series Ethernet Switches Chapter 1 ACL Configuration
Huawei Technologies Proprietary
1-3
 Note:
The depth-first principle is to put the statement specifying the smallest range of packets
on the top of the list. This can be implemented through comparing the wildcards of the
addresses. The smaller the wildcard is, the less hosts it can specify. For example,
129.102.1.1 0.0.0.0 specifies a host, while 129.102.1.1 0.0.255.255 specifies a network
segment, 129.102.0.1 through 129.102.255.255. Obviously, the former one is listed
ahead in the access control list.
The specific standard is as follows.
For basic access control list statements, comparing the source address wildcards
directly. If the wildcards are same, follow the configuration sequence.
For the access control list based on the interface filter, the rule that is configured with
any is listed in the end, while others follow the configuration sequence.
For the advanced access control list, comparing the source address wildcards first. If
they are the same, then comparing the destination address wildcards. For the same
destination address wildcards, comparing the ranges of port number, the one with
smaller range is listed ahead. If the port numbers are in the same range, follow the
configuration sequence.
1.1.2 ACL Supported by Ethernet Switch
For Ethernet Switch, ACLs are divided into the following categories:
z Numbered basic ACL.
z Named basic ACL.
z Numbered advanced ACL.
z Named advanced ACL.
z Numbered Layer-2 ACL.
z Named Layer-2 ACL.
z Numbered User-defined ACL.
z Named User-defined ACL.
The table below lists the limits to the numbers of different ACL on a switch.
Table 1-2 Quantitative limitation to the ACL
Item Value range Maximum
Numbered basic ACL.
2000 to 2999
-
Numbered advanced ACL.
3000 to 3999
-
Numbered Layer-2 ACL.
4000 to 4999
-
To Next Page
Loading...
Need help?
General
