3Com Switch 8800 Family Configuration Guide
ACL Configuration Tasks 173
n
■ The numbers listed in the table are not the actual length of these elements in IP
packets, but their length in flow template. DSCP field is one byte in flow
template, but six bits in IP packets. You can determine whether the total length
of template elements exceeds 16 bytes using these numbers.
■ The dscp, exp, ip-precedence and tos fields jointly occupy one byte. One byte is
occupied no matter you define one, two or three of these fields.
■ The cos and s-tag-vlan fields jointly occupy two bytes. Two bytes are occupied
no matter you define one or two of them. The c-tag-cos and c-tag-vlanid fields
jointly occupy two bytes. Two bytes are occupied no matter you define one or
two of them.
■ The fragment-flags and mac-type fields are 0 in length in flow template, so
they can be ignored when you determine whether the total length of template
elements exceeds 16 bytes.
You can either use the default template or define a flow template based on your
needs.
n
Default flow template:
ip-protocol tcp-flag sport dport icmp-type icmp-code sip 0.0.0.0 dip 0.0.0.0
vlanid.
You cannot modify or delete the default flow template.
Applying Flow Template
Perform the following configurations in Ethernet port view to apply the
user-defined flow template to current port.
Defining ACL The switch supports several types of ACLs, which are described in this section.
Follow these steps to define an ACL
1 Enter the corresponding ACL view
2 Define ACL rules
n
vlanid
Vlan ID that the switch assigns to the
packet
2 bytes
vpn
The flow template pre-defined for
MPLS2VPN
2 bytes
Table 149 Length of template elements
Name Description Length in template
Tab le 150 Apply/Cancel flow template
Operation Command
Apply the user-defined flow template flow-template user-defined
Cancel the applied flow template undo flow-template user-defined