Installation manual
Operation Manual - QoS/ACL
Quidway S3000-EI Series Ethernet Switches Chapter 1
ACL Configuration
Huawei Technologies Proprietary
1-2
matching the
rule, i.e. in depth-first order). Once the user specifies the match-order of an access
Note:
the rule) and auto (according to the system sorting automatically when
control rule, he cannot modify it later, unless he deletes all the content and specifies the
match-order again.
The case includes: ACL cited by route policy function, ACL used for control logon user,
etc.
The depth-first principle is to put the statement specifying the smallest range of packets
on th
e top of the list. This can be implemented through comparing the wildcards of the
ddresses. The smaller the wildcard is, the less hosts it can specify. For example,
129.102.1.1 0.0.0.0 specifies a host, while 129.102.1.1 0.0.255.255 specifies a network
29.102.0.1 through 129.102.255.255. Obviously, the former one is listed
ring the source address wildcards first. If
a
segment, 1
ahead in the access control list.
The specific standard is as follows.
For basic access control list statements, comparing the source address wildcards
directly. If the wildcards are same, follow the configuration sequence.
For the access control list based on the interface filter, the rule that is configured with
any is listed in the end, while others follow the configuration sequence.
For the advanced access control list, compa
they are the same, then comparing
the destination address wildcards. For the same
destination address wildcards, comparing the ranges of port number, the one with
smaller range is listed ahead. If the port numbers are in the same ra
nge, follow the
configuration sequence.
ported by the Ethernet Switch
For Ethernet Switch, ACLs
1.1.2 ACL Sup
are divided into the following categories:
z Numbered basic ACL.
Named basic ACL.
z Numbered advanced ACL.
z Numbered Layer-2 ACL.
ACL.
ACL.
the numbers of different ACL on a switch.
z
z Named advanced ACL.
z Named Layer-2 ACL.
z Numbered user-defined
z Named user-defined
The table below lists the limits to