Application of acls on the switch, Acl classification – H3C Technologies H3C S7500E Series Switches User Manual


efficiently prevent illegal users from accessing networks and to control network traffic and save network resources. Access control lists (ACLs) are often used to filter packets with configured matching rules.

ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass and what should be rejected based on matching criteria such as source MAC address, destination MAC address, source IP address, destination IP address, and port number.

Application of ACLs on the Switch

The switch supports two ACL application modes:

- Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL can be referenced by QoS for traffic classification. Note that when an ACL is referenced to implement QoS, the permit or deny actions defined in the ACL rules do not take effect; the action taken on packets matching the ACL depends on the traffic behavior definition in QoS. For details about traffic behavior, see QoS Configuration Approaches in ACL and QoS Configuration Guide.

- Software-based application: An ACL is referenced by a piece of upper layer software. For example, an ACL can be referenced to configure login user control, thus controlling Telnet, SNMP and Web users. Note that when an ACL is referenced by upper layer software, the action taken on packets matching the ACL is the one defined by the ACL rules (permit or deny). For details about login user control, see User Login Control in Fundamentals Configuration Guide.

Note that the two modes treat a packet that matches no rule in the ACL differently:

- When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not apply the traffic behavior to a packet that does not match the ACL; the packet is simply not subject to that policy.

- When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users, the switch denies all packets that do not match the ACL. The ACL therefore behaves as an allow list: only sources matched by a permit rule can log in, and an ACL containing only deny rules locks out every source.
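The two application modes side by side, as an added illustrative example that is not taken from the H3C manual. The ACL numbers, addresses, wildcard masks, interface name, classifier/behavior/policy names and SNMP community name are assumptions, and the commands follow the Comware CLI syntax as this editor understands it; verify each command against the ACL and QoS Configuration Guide and the Fundamentals Configuration Guide referenced above before using it on a production switch. Lines beginning with # are annotations, not commands.

```text
# --- Software-based application: login user control ---
# Basic ACL 2000 (assumed number) matches on source IPv4 address only.
# match-order config: rules are evaluated in configuration order, so the
# deny for the single host must precede the permit for its /24.
acl number 2000 match-order config
 rule 0 deny source 192.168.10.200 0
 rule 5 permit source 192.168.10.0 0.0.0.255

# Referenced by the VTY lines: Telnet sources are judged by the rule action,
# and any source that matches NO rule is denied (default deny). Make sure
# the address you are managing from is covered by rule 5 before applying this.
user-interface vty 0 4
 acl 2000 inbound

# Same ACL referenced for SNMP: the community is usable only from sources
# that hit rule 5; everything else, matched or unmatched, is refused.
snmp-agent community read mgmt-ro acl 2000

# --- Hardware-based application: QoS traffic classification ---
# Advanced ACL 3000 (assumed number) can match destination address and port.
# Its action keyword is "permit", but under QoS that keyword is ignored.
acl number 3000
 rule 0 permit tcp destination 10.0.0.5 0 destination-port eq 23

# What actually happens to matching packets is decided by the traffic
# behavior ("filter deny" drops them), not by the ACL rule action.
traffic classifier telnet-to-server
 if-match acl 3000
traffic behavior drop-it
 filter deny
qos policy block-telnet
 classifier telnet-to-server behavior drop-it

# Packets that do not match ACL 3000 are untouched by this policy; unlike the
# login-control case there is no implicit deny for non-matching traffic.
interface GigabitEthernet 2/0/1
 qos apply policy block-telnet inbound
```

Two points follow from the page's rules. First, the choice of ACL number is driven by the match criteria needed: login control only needs a source address, so a basic ACL (2000 to 2999) suffices, while the QoS classifier needs a destination address and a TCP port, which only an advanced ACL (3000 to 3999) can express. Second, the fail-closed behaviour of the software-based application means an empty or mistyped ACL on the VTY lines is a lockout, whereas an empty ACL in a QoS policy silently does nothing; test both on a lab device and keep console access available when applying the VTY ACL.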

ACL Classification

ACLs fall into three categories, as shown in Table 1-1.

Table 1-1 ACL categories

Category        ACL number     IP version   Match criteria
Basic ACLs      2000 to 2999   IPv4         Source IPv4 address
                               IPv6         Source IPv6 address
Advanced ACLs   3000 to 3999   IPv4         Source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields
