Being referenced by upper-level software, Acl configuration, Configuring time range – H3C Technologies H3C S3100 Series Switches User Manual
Page 560
1-3
Being referenced by upper-level software
ACLs can also be used to filter and classify the packets to be processed by software. In this case, the
rules in an ACL can be matched in one of the following two ways:
z
config, where rules in an ACL are matched in the order defined by the user.
z
auto, where the rules in an ACL are matched in the order determined by the system, namely the
“depth-first” order.
When applying an ACL in this way, you can specify the order in which the rules in the ACL are matched.
The match order cannot be modified once it is determined, unless you delete all the rules in the ACL and
define the match order.
An ACL can be referenced by upper-layer software:
z
Referenced by routing policies
z
Used to control Telnet, SNMP and Web login users
z
When an ACL is directly applied to hardware for packet filtering, the switch will permit packets if the
packets do not match the ACL.
z
When an ACL is referenced by upper-layer software to control Telnet, SNMP and Web login users,
the switch will deny packets if the packets do not match the ACL.
Types of ACLs Supported by S3100 Series Ethernet Switches
S3100-SI Series Ethernet switches support the following types of ACLs.
z
Basic ACLs
z
Advanced ACLs
Note that ACLs defined on S3100-SI series Ethernet switches can only be referenced by upper-layer
software for packet filtering. They cannot be applied to hardware
S3100-EI Series Ethernet switches support the following types of ACLs.
z
Basic ACLs
z
Advanced ACLs
z
Layer 2 ACLs
z
IPv6 ACLs
Note that ACLs defined on S3100-EI Series Ethernet switches can be applied to hardware directly or
referenced by upper-layer software for packet filtering.
ACL Configuration
Configuring Time Range
Time ranges can be used to filter packets. You can specify a time range for each rule in an ACL. A time
range-based ACL takes effect only in specified time ranges. Only after a time range is configured and
the system time is within the time range, can an ACL rule take effect.
Two types of time ranges are available: