ES-3100 Series Switch Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
Setting up Classifier & Policy rule to perform Access Control on your Switch
Introduction on ACL
An ACL (Access Control List) is the combination of a Classifier and a Policy
Rule. A classifier groups traffic into data flows according to specific criteria
such as the source address, destination address, source port number,
destination port number or incoming port number. For example, you can
configure a classifier to select traffic from the same protocol port (such as
Telnet) to form a flow. A policy rule ensures that a traffic flow gets the
requested treatment in the network. You must first configure a classifier in
the Classifier screen before you can configure a policy rule.
The relative weight of parameters in ACL
In the classifier, there are many parameters that you can set. Each
parameter holds a relative weight. This relative weight matters only when
there is a multiple match (or conflict) on the rules.
Here is the order of weight from lowest to highest:
1. [ Source-port ]
2. [ Destination-port ]
3. [ Packet-format ]
4. [ Destination-mac ]
5. [ Source-mac ]
6. [ Priority ]
7. [ VLAN ID ]
8. [ Ethernet-type ]
9. [ DSCP ]
10. [ IP-Protocol ]
11. [ Source-IP ]
12. [ Destination-IP ]
13. [ Source-Socket ]
14. [ Destination-Socket ]
15. [ Establish Only ]
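The following Python model is an added example, not part of the original support notes or of ZyXEL's firmware. It matches constructed packets against hypothetical classifiers and reports every packet that hits more than one of them, together with each classifier's parameter weights from the list above; it does not decide which rule the switch applies. The classifier names, the field values and the reading of destination-socket as a TCP/UDP port number are assumptions.

```python
# Added example: model of classifiers and multiple-match (conflict) detection.
# Weight ranks follow the list above (1 = lowest, 15 = highest).
WEIGHT = {name: rank for rank, name in enumerate([
    "source-port", "destination-port", "packet-format", "destination-mac",
    "source-mac", "priority", "vlan-id", "ethernet-type", "dscp",
    "ip-protocol", "source-ip", "destination-ip", "source-socket",
    "destination-socket", "establish-only"], start=1)}

# Constructed classifiers (hypothetical names and values).
# Assumption: destination-socket is the TCP/UDP port number (23 = Telnet).
CLASSIFIERS = {
    "telnet-flow": {"ip-protocol": "tcp", "destination-socket": 23},
    "from-port-5": {"source-port": 5},
    "vlan-10":     {"vlan-id": 10},
}

def matches(criteria, packet):
    """A classifier matches when every criterion it sets equals the packet field."""
    return all(packet.get(k) == v for k, v in criteria.items())

def classify(packet, classifiers=CLASSIFIERS):
    """Return the names of all classifiers whose criteria the packet satisfies."""
    return [n for n, c in classifiers.items() if matches(c, packet)]

def weights(name, classifiers=CLASSIFIERS):
    """Sorted weight ranks of the parameters a classifier sets."""
    return sorted(WEIGHT[p] for p in classifiers[name])

def conflicts(packets, classifiers=CLASSIFIERS):
    """Map packet index -> {classifier: weights} for packets with several matches."""
    out = {}
    for i, pkt in enumerate(packets):
        hit = classify(pkt, classifiers)
        if len(hit) > 1:  # the only case in which relative weight matters
            out[i] = {n: weights(n, classifiers) for n in hit}
    return out

# Constructed sample packets.
PACKETS = [
    {"source-port": 5, "vlan-id": 20, "ip-protocol": "tcp", "destination-socket": 23},
    {"source-port": 2, "vlan-id": 10, "ip-protocol": "udp", "destination-socket": 53},
    {"source-port": 7, "vlan-id": 30, "ip-protocol": "tcp", "destination-socket": 80},
]

if __name__ == "__main__":
    for idx, rules in conflicts(PACKETS).items():
        print(f"packet {idx} matches several classifiers:", rules)
```

Running the same check over a planned rule set before applying it shows which classifiers overlap, so the overlap can be removed or its outcome confirmed on the switch.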
If you choose a combination of parameters as your rules, the rule with a