The system exits the matching process when the first match is found and then executes the actions in accordance with the specified action. Because the ordering of entries is important, the numbering sequence can be rearranged. Entries should be numbered from the most explicit to the least explicit.
Use the following syntax to renumber existing MAC or IP filter entries to re-sequence filter entries.
config>filter
ip-filter filter-id
renum old-entry-number new-entry-number
mac-filter filter-id
renum old-entry-number new-entry-number
config>filter>ip-filter# renum 10 15
config>filter>ip-filter# renum 20 10
config>filter>ip-filter# renum 40 1
The following is a sample original filter entry order on the left side and the reordered filter entries on the right side.
|
A:ALA-7>config>filter# info ---------------------------------------------- ... ip-filter 11 create description "filter-main" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 20 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit entry 40 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit exit ... ---------------------------------------------- A:ALA-7>config>filter# |
A:ALA-7>config>filter# info ---------------------------------------------- ... ip-filter 11 create description "filter-main" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ... ---------------------------------------------- A:ALA-7>config>filter# |