Acl configuration, Acl overview, Acl categories – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 144: Acl numbering and naming
129
ACL configuration
This chapter includes these sections:
•
•
•
Displaying and maintaining ACLs
•
NOTE:
The SecBlade NetStream cards support only IPv4 basic, IPv4 advanced and Ethernet frame header ACLs.
ACL overview
An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on
criteria such as source IP address, destination IP address, and port number.
ACLs are primarily used for packet filtering. “
” provides an example. You can
use ACLs in QoS, firewall, routing, and other technologies for identifying traffic. The packet drop or
forwarding decisions varies with modules that use ACLs.
ACL categories
Category
ACL number
IP version
Match criteria
Basic ACLs
2000 to 2999
IPv4
Source IPv4 address
Advanced ACLs 3000 to 3999
IPv4
Source IPv4 address, destination IPv4 address,
packet priority, protocols over IPv4, and other
Layer 3 and Layer 4 header fields
Ethernet frame
header ACLs
4000 to 4999
IPv4
Layer 2 header fields, such as source and
destination MAC addresses, 802.1p priority,
and link layer protocol type
ACL numbering and naming
Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a
number for identification. In addition, you can assign the ACL a name for the ease of identification. After
creating an ACL with a name, you can neither rename it nor delete its name.
For an Ethernet frame header, the ACL number and name must be globally unique. For an IPv4 basic or
advanced ACLs, its ACL number and name must be unique among all IPv4 ACLs.