3Com Switch 8800 Family Configuration Guide
168 CHAPTER 21: ACL CONFIGURATION
configured with any are put to the end and other rules follow config order; for
advanced ACL rules, first compare the wildcards of source addresses, then the
wildcards of destination addresses if those of source addresses are equal, then the
port IDs if the wildcards of destination addresses are still equal. Follow config
order if port IDs are also equal.
n
The user-defined ACL matching order takes effect only when multiple rules of one
ACL are applied at the same time. For example, an ACL has two rules. If the two
rules are not applied simultaneously, even if you configure the matching order to
be depth first, the switch still matches them according to their application order.
If one rule is a subset of another rule in an ACL, it is recommended to apply the
rules according to the range of the specified packets. The rule with the smallest
range of the specified data packets is applied first, and then other rules are applied
based on this principle.
ACLs Supported The switch supports these types of ACLs:
■ Number-based basic ACLs
■ Name-based basic ACLs
■ Number-based advanced ACLs
■ Name-based advanced ACLs
■ Number-based Layer 2 ACLs
■ Name-based Layer 2 ACLs
The requirements for the various ACLs available on the switch are listed in the
following table.
Tabl e 143 Requirements for defining ACLs
Item Number range Maximum number
Number-based basic ACL 2000 to 2999 1000
Number-based advanced ACL 3000 to 3999 1000
Number-based Layer 2 ACL 4000 to 4999 1000
Name-based basic ACL - -
Name-based advanced ACL - -
Name-based Layer 2 ACL - -
Maximum rules for an ACL 0 to 127 128
Maximum rules for the system - 12288
Tabl e 144 Max ACL rules that can be activated on different interface cards
Interface card suppfix MPLS support
Max number of ACL rules
supported for each
card/interface
B
MPLS not supported 1024
DA
DB
DC