ACL matching order on S series switches

If ACL rules repeat or conflict, the ACL matching order decides the matching result.
S series switches (except S1700 switches) support the configuration order (config) and the automatic order (auto).
Configuration order:
The system matches packets against ACL rules in ascending order of rule IDs. That is, the rule with the smallest ID is processed first.
If a smaller rule ID is manually specified for a rule, the rule is placed nearer the front of the ACL and is processed earlier.
If no ID is manually specified for a rule, the system allocates one: the smallest multiple of the step that is greater than the largest rule ID already in the ACL. Therefore, this rule is processed last.

Automatic order:
The system arranges rules by their degree of precision (depth-first principle) and matches packets against the rules in descending order of precision. The rule with the highest precision defines the strictest conditions and has the highest priority, so the system matches packets against this rule first.
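
The following Python model is an added example, not switch code or vendor code. It shows how a rule with a system-allocated ID lands last in configuration order and is shadowed by a broader rule, and how a manually chosen lower ID or the automatic order changes the result. Assumptions: the step value of 5, the sample addresses, and modelling precision in automatic order by source prefix length only.

```python
import ipaddress

class Acl:
    """Toy model of one ACL; not switch code. step=5 is an assumed value."""

    def __init__(self, step=5):
        self.step = step
        self.rules = {}  # rule ID -> (action, source network)

    def add_rule(self, action, source, rule_id=None):
        if rule_id is None:
            # Smallest multiple of the step that is greater than the largest ID.
            largest = max(self.rules, default=0)
            rule_id = (largest // self.step + 1) * self.step
        if rule_id in self.rules:
            raise ValueError(f"rule {rule_id} already exists")
        self.rules[rule_id] = (action, ipaddress.ip_network(source))
        return rule_id

    def ordered(self, match_order="config"):
        items = sorted(self.rules.items())  # ascending rule ID
        if match_order == "auto":
            # Simplification (assumption): precision = source prefix length only.
            items.sort(key=lambda kv: kv[1][1].prefixlen, reverse=True)
        return items

    def match(self, src_ip, match_order="config"):
        addr = ipaddress.ip_address(src_ip)
        for rule_id, (action, net) in self.ordered(match_order):
            if addr in net:
                return rule_id, action  # first hit decides the result
        return None


def demo():
    # Constructed sample rules and addresses.
    acl = Acl()
    acl.add_rule("permit", "10.1.0.0/16", rule_id=10)
    auto_id = acl.add_rule("deny", "10.1.1.0/24")   # system-allocated ID
    shadowed = acl.match("10.1.1.7")                 # broad permit hits first
    by_precision = acl.match("10.1.1.7", "auto")     # /24 is checked before /16
    acl.add_rule("deny", "10.1.1.0/24", rule_id=5)   # manual ID below the permit
    fixed = acl.match("10.1.1.7")
    return auto_id, shadowed, by_precision, fixed

if __name__ == "__main__":
    print(demo())
```

When auditing an ACL in configuration order, check every deny rule for a broader permit with a smaller rule ID, since that permit decides the result first.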
