Technical data

BLADE OS 5.1 Application Guide
Chapter 7: Quality of Service BMD00136, November 2009
Within each precedence group, ACLs that are assigned to the port are processed in numeric
sequence, based on ACL number. Lower-numbered ACLs take precedence over higher-numbered
ACLs. For example, ACL 1 (if assigned to the port) is evaluated first and has top priority within
precedence group 1.
For each precedence group, only the first assigned ACL that matches the port traffic is considered.
If multiple ACLs in the precedence group match the traffic, only the one with the lowest ACL
number is considered. The others in the precedence group are ignored.
One ACL match from each precedence group is permitted, meaning that up to six ACL matches
may be considered for action: one from precedence group 1, and one from precedence group 2, and
so on.
Of the matching ACLs that are permitted, each configured ACL action is applied in sequence, based
on ACL number, with the lowest-numbered ACL's action applied first. If any ACL action
contradicts the action of a preceding ACL (one with a lower ACL number), the action of the
higher-numbered ACL is ignored.
If no assigned ACL matches the port traffic, no ACL action is applied.
ACL Groups
ACLs allow you to classify packets according to particular content in the packet header, such as
the source address, destination address, source port number, destination port number, and others.
Once classified, packet flows can be identified for further processing.
To assist in organizing multiple ACLs and assigning them to ports, you can place ACLs into ACL
Groups, thereby defining complex traffic profiles. ACLs and ACL Groups can then be assigned on
a per-port basis. Any specific ACL can be assigned to multiple ACL Groups, and any ACL or ACL
Group can be assigned to multiple ports. If, as part of multiple ACL Groups, a specific ACL is
assigned to a port multiple times, only one instance is used. The redundant entries are ignored.
Individual ACLs
The G8000 supports up to 640 ACLs. Each ACL defines one filter rule for matching traffic
criteria. Each filter rule can also include an action (permit or deny the packet). For example:
ACL 1:
VLAN = 1
SIP = 10.10.10.1 (255.255.255.0)
Action = permit
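The evaluation order described above, together with the ACL Group duplicate handling, can be modeled as follows. This is an added example, not code from the guide or the switch software: it shows a higher-numbered deny being ignored when it contradicts a lower-numbered permit. Assumptions: each ACL's precedence group is supplied by hand, only VLAN and SIP are matched, and the "mark" action kind, ACLs 2, 200 and 300, and the group names are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ACL:
    number: int
    group: int                    # precedence group, supplied by hand (assumption)
    action: tuple                 # (kind, value), e.g. ("filter", "permit")
    vlan: Optional[int] = None    # None = field not part of the filter rule
    sip: Optional[str] = None     # "address/mask", as in the guide's ACL 1

def matches(acl, pkt):
    if acl.vlan is not None and pkt["vlan"] != acl.vlan:
        return False
    if acl.sip is not None:
        net = ipaddress.ip_network(acl.sip, strict=False)
        if ipaddress.ip_address(pkt["sip"]) not in net:
            return False
    return True

def evaluate(assigned, pkt):
    """Return (applied actions, matching ACL numbers, ignored ACL numbers)."""
    unique = {a.number: a for a in assigned}   # duplicates via ACL Groups collapse
    winners = {}                                # precedence group -> first match
    for number in sorted(unique):
        acl = unique[number]
        if acl.group not in winners and matches(acl, pkt):
            winners[acl.group] = acl
    applied, ignored = {}, []
    for acl in sorted(winners.values(), key=lambda a: a.number):
        kind, value = acl.action
        if applied.get(kind, value) != value:   # contradicts a lower-numbered ACL
            ignored.append(acl.number)
        else:
            applied[kind] = value
    return applied, sorted(a.number for a in winners.values()), ignored

# Constructed sample: ACL 1 is the guide's example; the rest are made up.
ACL1 = ACL(1, 1, ("filter", "permit"), vlan=1, sip="10.10.10.1/255.255.255.0")
ACL2 = ACL(2, 1, ("filter", "deny"), vlan=1)
ACL200 = ACL(200, 2, ("filter", "deny"), sip="10.10.10.0/255.255.255.0")
ACL300 = ACL(300, 3, ("mark", 5), vlan=1)   # "mark" is a hypothetical action kind
GROUPS = {"grp-a": [ACL1, ACL2, ACL300], "grp-b": [ACL1, ACL200]}
PORT_ACLS = [a for members in GROUPS.values() for a in members]

if __name__ == "__main__":
    print(evaluate(PORT_ACLS, {"vlan": 1, "sip": "10.10.10.77"}))
    print(evaluate(PORT_ACLS, {"vlan": 2, "sip": "192.168.1.1"}))
```

When auditing a port's ACL set, the third return value lists the ACLs whose actions never take effect for that packet, which is where an intended deny can be silently overridden.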