摘要 |
An IP source guard (IPSG) access control method and apparatus, comprising: adding an IPSG matching condition to every rule in access control list (ACL) software entries, adding to the ACL software entries a first rule including only the IPSG matching conditions in the ACL software entries and a second rule to discard data packets that do not comprise the IPSG matching conditions, to obtain new ACL software entries; and sending the new ACL software entries to a hardware used for generating hardware entries, such that the hardware generates hardware entries on the basis of the ACL software entries; the embodiments of the present invention implement simultaneous IPSG and ACL validity whilst maximising ACL resource utilisation. |