45 acl configuration, Acl overview, Introduction to ipv4 acl – H3C Technologies H3C WX6000 Series Access Controllers User Manual

45-1

45

ACL Configuration

Support of the H3C WX series access controllers for features may vary by device model. Refer to

section "Feature Matrixes" in Compatibility Matrixes for details.

The sample output in this manual was created on the WX5004. The output on your device may

vary.

The grayed out functions or parameters on the Web interface indicate that they are not supported

or cannot be modified.

The models listed in this manual are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

ACL Overview

With the growth of network scale and network traffic, network security and bandwidth allocation become

more and more critical to network management. Packet filtering can be used to efficiently prevent illegal

access to networks and to control network traffic and save network resources. One way to implement

packet filtering is to use access control lists (ACLs).

An ACL is a set of rules (or a set of permit or deny statements) for determining which packets can pass

and which ones should be rejected based on matching criteria such as source address, destination

address, and port number. ACLs are widely used with technologies such as firewall and QoS, where

traffic identification is desired.

Introduction to IPv4 ACL

IPv4 ACL Classification

IPv4 ACLs, identified by ACL numbers, fall into three categories, as shown in

Table 45-1

.

Table 45-1 IPv4 ACL categories

Category

ACL number

Matching criteria

Basic IPv4 ACL

2000 to 2999

Source IP address

Advanced IPv4 ACL

3000 to 3999

Source IP address, destination IP address,
protocol carried over IP, and other Layer 3 or
Layer 4 protocol header information

Ethernet frame header ACL

4000 to 4999

Layer 2 protocol header fields such as source
MAC address, destination MAC address, 802.1p
priority, and link layer protocol type