1 ACL Configuration, ACL Overview, Introduction – H3C Technologies H3C S5120 Series Switches User Manual
1 ACL Configuration
This chapter includes these sections:
• Configuring an Ethernet Frame Header ACL
• Applying an ACL for Packet Filtering
• Displaying and Maintaining ACLs
ACL Overview
Introduction
An access control list (ACL) is a set of rules (that is, a set of permit or deny statements) for identifying
traffic based on matching criteria such as source address, destination address, and port number. The
selected traffic will then be permitted or rejected by predefined security policies.
ACLs are widely used in technologies where traffic identification is desired, such as packet filtering and
QoS.
Application of ACLs on the Switch
The switch supports two ACL application modes:
• Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL is
applied to an Ethernet interface or VLAN interface for packet filtering or is referenced by a QoS
policy for traffic classification. Note that when an ACL is referenced to implement QoS, the actions
defined in the ACL rules, deny or permit, do not take effect; actions to be taken on packets
matching the ACL depend on the traffic behavior definition in QoS. For details about traffic
behavior, refer to the QoS Configuration.