Accton Technology ES4626 User Manual

362

several nodes each of which is a unit for matching test. We match among nodes with by

sequence-number. Match clauses define matching rules. The matching objects are some

properties of routing messages. Different match clause in the same node is “and” relation

logically, which means the matching test of a node, will not be passed until conditions in

its entire match clause are matched. Set clause specifies actions, namely configure some

properties of routing messages after the matching test is passed.

Different nodes in a route-map is an “or” relation logically. The system checks each

node of the route-map in turn and once certain node test is passed the route-map test will

be passed without taking the next node test.

2. access control list(acl)

ACL (Access Control Lists) is a data packet filter mechanism in the switch which is

by permitting or denying certain data packet transmtting out from or into the network, the

switch controls the network access and secure the network service. Users can establish

a group of rules by certain messages in the packet, in which each rule to be applied on

certain amount of matching messages: permit or deny. The users can apply these rules

to the entrance or exit of specified switch, with which data stream in certain direction on

certain port would have to follow the specified ACL rules in-and-out the switch. Please

refer to chapter “ACL Configuration”.

3. Ip-prefix list

The ip-prefix list acts similarly to acl while more flexible and more understandable.

The match object of ip-prefix is the destination address messages field of routing

messages when applied in routing messages filtering.

An ip-prefix is identified by prefix list name. Each prefix list may contain multiple

items, each of which specifies a matching range of a network prefix type and identifies

with a sequence-number which specifies the matching check order of ip-prefix.

In the process of matching, the switch check each items identified by

sequence-number in ascending order and the filter will be passed once certain items is

matched( without checking rest items)

4. Autonomic system path information access-list as-path

The autonomic system path information access-list as-path is only used in BGP. In

the BGP routing messages packet there is an autonomic system path field (in which

autonomic system path the routing messages passes through is recorded). As-path is

specially for specifying matching conditions for autonomic system path field.

As for relevant as-path configurations, please refer to the ip as-path command in

BGP configuration.

5. community-list

Community-list is only for BGP. There is a community property field in the BGP

routing messages packet for identifying a community. The community list is for specifying