ACL rule numbering step, What is the ACL rule numbering step, Automatic rule numbering and re-numbering – H3C Technologies H3C S5120 Series Switches User Manual


- auto: Sorts ACL rules in depth-first order, as described in Table 1-2. The depth-first order varies with the ACL category.

Table 1-2 Sorting ACL rules in depth-first order

ACL category          Depth-first rule sorting procedure

Basic ACL             1) A rule with more 0s in the source IP address wildcard mask takes precedence. More 0s means a narrower IP address range.
                      2) A rule with a smaller ID takes precedence.

Advanced ACL          1) A rule configured with a specific protocol takes precedence over a rule with the protocol type set to IP. IP represents any protocol over IP.
                      2) A rule with more 0s in the source IP address wildcard mask takes precedence. More 0s means a narrower IP address range.
                      3) A rule with more 0s in the destination IP address wildcard mask takes precedence.
                      4) A rule with a narrower TCP/UDP service port number range takes precedence.
                      5) A rule with a smaller ID takes precedence.

Ethernet frame        1) A rule with more 1s in the source MAC address mask takes precedence. More 1s means a narrower MAC address range, because in a MAC address mask the 1 bits are the bits that must match.
header ACL            2) A rule with more 1s in the destination MAC address mask takes precedence.
                      3) A rule with a smaller ID takes precedence.

A wildcard mask, also called an inverse mask, is a 32-bit binary number represented in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask are the 'do care' bits and the 1 bits are the 'don't care' bits. An IP address matches an IP address criterion if its 'do care' bits are identical to the 'do care' bits of the criterion; all 'don't care' bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous: 0.255.0.255, for example, is a valid wildcard mask. Wildcard masks therefore allow more granular match criteria than network masks.
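The following Python is an added example, not code from the H3C manual or the switch software. It models the depth-first ordering of Table 1-2 for all three ACL categories and the wildcard-mask match described above, so you can predict which rule a switch in auto match order would evaluate first before committing a change. The rule classes, their field names, the constructed sample rules, and the treatment of a rule with no TCP/UDP port specification as the full 0 to 65535 range are assumptions made here for illustration.

```python
"""Added model of Table 1-2 (depth-first 'auto' rule ordering) and wildcard-mask matching.
Not H3C code; rule fields, sample rules and the ANY_PORTS assumption are illustrative."""
from dataclasses import dataclass
from typing import List, Tuple
import ipaddress

# Assumption: a rule that specifies no TCP/UDP port is treated as the widest possible range.
ANY_PORTS = (0, 65535)


def zero_bits(wildcard: str) -> int:
    """Number of 0 ('do care') bits in an IPv4 wildcard mask; the mask may be noncontiguous."""
    return 32 - bin(int(ipaddress.IPv4Address(wildcard))).count("1")


def one_bits_mac(mask: str) -> int:
    """Number of 1 ('do care') bits in a MAC mask written as ffff-ffff-ff00 or ff:ff:ff:ff:ff:00."""
    return bin(int(mask.replace("-", "").replace(":", ""), 16)).count("1")


def ip_matches(addr: str, criterion: str, wildcard: str) -> bool:
    """Wildcard match: bits where the mask is 0 must agree; bits where it is 1 are ignored."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    c = int(ipaddress.IPv4Address(criterion))
    return (a & care) == (c & care)


@dataclass
class BasicRule:
    rule_id: int
    src_wc: str                          # source IP wildcard mask


@dataclass
class AdvancedRule:
    rule_id: int
    protocol: str                        # "ip" = any protocol over IP
    src_wc: str                          # source IP wildcard mask
    dst_wc: str                          # destination IP wildcard mask
    ports: Tuple[int, int] = ANY_PORTS   # inclusive TCP/UDP port range


@dataclass
class EthRule:
    rule_id: int
    src_mac_mask: str
    dst_mac_mask: str


def _basic_key(r: BasicRule):
    return (-zero_bits(r.src_wc), r.rule_id)


def _advanced_key(r: AdvancedRule):
    return (
        1 if r.protocol.lower() == "ip" else 0,  # a specific protocol sorts before "ip"
        -zero_bits(r.src_wc),                    # narrower source range first
        -zero_bits(r.dst_wc),                    # narrower destination range first
        r.ports[1] - r.ports[0],                 # narrower port range first
        r.rule_id,                               # smaller ID breaks remaining ties
    )


def _eth_key(r: EthRule):
    return (-one_bits_mac(r.src_mac_mask), -one_bits_mac(r.dst_mac_mask), r.rule_id)


_KEYS = {BasicRule: _basic_key, AdvancedRule: _advanced_key, EthRule: _eth_key}


def depth_first_order(rules: list) -> List[int]:
    """Rule IDs in the order a switch in 'auto' match order would evaluate them."""
    if not rules:
        return []
    return [r.rule_id for r in sorted(rules, key=_KEYS[type(rules[0])])]


# Constructed sample: IDs reflect creation order, which 'auto' mode ignores.
ADVANCED = [
    AdvancedRule(0, "ip", "0.0.255.255", "0.0.0.255"),
    AdvancedRule(5, "tcp", "0.0.255.255", "0.0.0.255", (80, 80)),
    AdvancedRule(10, "tcp", "0.0.0.255", "0.0.0.255"),
    AdvancedRule(15, "tcp", "0.0.0.255", "0.0.0.255", (22, 22)),
]

if __name__ == "__main__":
    print(depth_first_order(ADVANCED))   # [15, 10, 5, 0]
```

Note that rule 0, the broadest rule (any protocol, /16 source), is created first but evaluated last under auto ordering; under config ordering it would be matched first and shadow the other three, which is the usual cause of an ACL that "does not work" after a rule is appended.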

ACL Rule Numbering Step

What is the ACL rule numbering step

If you do not assign an ID to the rule you are creating, the system automatically assigns it one. The rule numbering step sets the increment by which the system numbers rules automatically. With the default numbering step of 5, for example, rules created without IDs are numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two existing rules.

By leaving a gap between rules rather than numbering them contiguously, you retain the flexibility to insert rules into an ACL later. This matters for an ACL in config match order, where rules are matched in ascending order of rule ID.

Automatic rule numbering and re-numbering

The ID automatically assigned to an ACL rule is the nearest multiple of the numbering step above the current highest rule ID, starting with 0 for the first rule. With a step of 5, for example, an ACL whose highest rule ID is 12 assigns ID 15 to the next automatically numbered rule.
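The following Python is an added example, not code from the H3C manual or the switch software. It models the automatic numbering rule described above and shows how the numbering step limits how many rules can later be inserted between two existing ones. The class, its method names, the rejection of a duplicate ID (this page does not describe what the switch does in that case) and the walkthrough are assumptions made here for illustration.

```python
"""Added model of H3C automatic ACL rule numbering. Not H3C code; the class, its
method names and the duplicate-ID behaviour are assumptions made for illustration."""
from typing import List, Optional


class AclRuleNumbering:
    def __init__(self, step: int = 5):
        if step < 1:
            raise ValueError("numbering step must be a positive integer")
        self.step = step
        self.ids: List[int] = []   # rule IDs kept ascending, i.e. config match order

    def next_auto_id(self) -> int:
        """Nearest multiple of the step above the current highest ID; 0 for an empty ACL."""
        if not self.ids:
            return 0
        return (max(self.ids) // self.step + 1) * self.step

    def add_rule(self, rule_id: Optional[int] = None) -> int:
        """Create a rule with an explicit ID, or let the system number it; returns the ID."""
        if rule_id is None:
            rule_id = self.next_auto_id()
        if rule_id in self.ids:
            # Assumption for this model: the page does not say what the switch does here.
            raise ValueError(f"rule {rule_id} already exists")
        self.ids.append(rule_id)
        self.ids.sort()
        return rule_id

    def free_ids_between(self, lower: int, upper: int) -> int:
        """How many rules can still be inserted strictly between two rule IDs."""
        used = sum(1 for i in self.ids if lower < i < upper)
        return max(0, upper - lower - 1 - used)


def walkthrough() -> List[int]:
    """Default step 5: three automatic rules, an explicit rule 12, then another automatic rule."""
    acl = AclRuleNumbering(5)
    for _ in range(3):
        acl.add_rule()          # 0, 5, 10
    acl.add_rule(12)            # squeezed between 10 and the next automatic rule
    acl.add_rule()              # highest ID is 12, so the next multiple of 5 is 15
    return acl.ids              # [0, 5, 10, 12, 15]


if __name__ == "__main__":
    print(walkthrough())
```

With a numbering step of 1 every automatically numbered rule lands directly after the previous one, so free_ids_between returns 0 for any two adjacent rules and a new rule can only be appended; the only way to put it in front of an existing rule is to delete and recreate the rules that follow.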
