3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

631

632

633

634

635

636

637

638

639

640

Choosing ACL Mode for Traffic Flows 639

Layer 2 ACL depth-first order

With the depth-first rule adopted, the rules of a Layer 2 ACL are matched in the

order of the mask length of the source MAC address and destination MAC

address. The longer of the mask is, the higher the match priority is. If two mask

lengths are the same, the priority of the match rule configured earlier is higher. For

example, the priority of the match rule with source MAC address mask

FFFF-FFFF-0000 is higher then the priority of the match rule with source MAC

address mask FFFF-0000-0000.

ACLs Based on Time

Ranges

A time range-based ACL enables you to implement ACL control over packets by

differentiating the time ranges.

A time range can be specified in each rule in an ACL. If the time range specified in

a rule is not configured, the system will give a prompt message and allow such a

rule to be successfully created. However, the rule does not take effect immediately.

It takes effect only when the specified time range is configured and the system

time is within the time range. If you remove the time range of an ACL rule, the

ACL rule becomes invalid the next time the ACL rule timer refreshes.

Types of ACLs Supported

by the Ethernet Switch

The following types of ACLs are supported by the Ethernet switch:

■ Basic ACL

■ Advanced ACL

■ Layer 2 ACL

■ User-defined ACL

Choosing ACL Mode

for Traffic Flows

A switch can only choose one ACL mode for traffic flows, Layer 2 ACL mode or

Layer 3 ACL mode. In Layer 2 ACL mode, only Layer 2 ACL can be activated or

referenced by other applications, and Layer 3 ACL is similar.

Configuration Procedure

This configuration is only effective on Type A I/O Modules.

Configuration Example # Configure the ACL mode for traffic flows as link-based.

Table 507 Configure ACL mode for traffic flows

Operation Command Description

Enter system view system-view -

Configure ACL mode for

traffic flows

acl mode { ip-based |

link-based }

Required

By default, a switch chooses

ip-based ACL mode for

traffic flows, that is, ACL

classifies the traffic flows

based on Layer 3 information.

Display the ACL mode for

traffic flows

display acl mode Optional

The display command can be

executed in any view