What is the matching order of an ACL on a WLAN device

If ACL rules repeat or conflict, the matching order decides the packet matching result.

WLAN devices support two ACL matching orders: the configuration order (config) and the automatic order (auto).

Configuration order

The system matches packets against ACL rules in ascending order of rule IDs. That is, the rule with the smallest ID is processed first.

If a smaller rule ID is manually specified for a rule, the rule is inserted in one of the front lines of an ACL and processed earlier.

If no ID is manually specified for a rule, the system allocates an ID to the rule. The rule ID is greater than the largest rule ID in the ACL and is the minimum multiple of the step; therefore, this rule is processed last.

Automatic order

The system arranges rules according to precision degree of the rules (depth priority), and matches packets against the rules in descending order of precision. A rule with the highest precision defines strictest conditions, and has the highest priority. The system matches packets against this rule first.

Scroll to top