Operation Manual – ACL
H3C S3100-52P Ethernet Switch (H3C S3100 Series Switches User Manual)

Chapter 1 ACL Configuration

1.1 ACL Overview

An access control list (ACL) is mainly used for traffic classification. To filter data packets,
a network device needs to be configured with a series of ACLs to identify the packets to
be filtered. A network device can permit/deny specific packets in a predefined way only
after the traffic is classified.
ACLs classify packets using a series of conditions known as rules. The conditions can
be based on source addresses, destination addresses and port numbers carried in the
packets.
The rules of an ACL can be referenced by other functions that need traffic classification,
such as QoS.
According to their application purposes, ACLs fall into the following four types.

- Basic ACL. Rules are created based on Layer 3 source IP addresses only.
- Advanced ACL. Rules are created based on the Layer 3 and Layer 4 information such as the source and destination IP addresses, the type of the protocols carried by IP, protocol-specific features, and so on.
- Layer 2 ACL. Rules are created based on the Layer 2 information such as source and destination MAC addresses, VLAN priorities, Layer 2 protocols, and so on.
- User-defined ACL. An ACL of this type matches packets by comparing specific strings retrieved from the packets with specified strings.

1.1.1 ACLs Referenced by Upper-level Modules

An ACL can also be used to filter and classify the packets to be processed by software. In this case, the rules in an ACL can be matched in one of the following two ways:

- config, where the rules in an ACL are matched in the order defined by the user.
- auto, where the rules in an ACL are matched in the order determined by the system, namely the "depth-first" order.

When applying ACLs in this way, you can specify the order in which the rules in the ACL
are matched. The matching order cannot be modified once it is determined unless you
delete all the rules in the ACL.
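The following added example (not from the manual or from H3C) simulates how the match order changes the effective result of a basic ACL. It assumes a simplified depth-first rule: the rule with the most specific source address (longest prefix) is tried first, with the lower rule ID breaking ties; the sample rules and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """One basic ACL rule: only the Layer 3 source address is checked."""
    rule_id: int
    action: str    # "permit" or "deny"
    source: str    # CIDR such as "10.1.0.0/16", or "any"

    def matches(self, src_ip: str) -> bool:
        if self.source == "any":
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)

    def specificity(self) -> int:
        # Longer prefix = more specific; "any" is the least specific.
        return 0 if self.source == "any" else ipaddress.ip_network(self.source).prefixlen


def order_rules(rules: List[Rule], match_order: str) -> List[Rule]:
    if match_order == "config":
        # User-defined order: assumed here to be ascending rule ID.
        return sorted(rules, key=lambda r: r.rule_id)
    if match_order == "auto":
        # Assumed depth-first order: most specific source first, then rule ID.
        return sorted(rules, key=lambda r: (-r.specificity(), r.rule_id))
    raise ValueError(f"unknown match order: {match_order}")


def evaluate(rules: List[Rule], match_order: str, src_ip: str) -> Tuple[Optional[str], Optional[int]]:
    """Return (action, rule_id) of the first matching rule, or (None, None)."""
    for rule in order_rules(rules, match_order):
        if rule.matches(src_ip):
            return rule.action, rule.rule_id
    return None, None   # no rule matched; the calling module decides the default


# Constructed sample: a broad deny entered before a narrower permit.
SAMPLE_RULES = [
    Rule(0, "deny", "10.1.0.0/16"),
    Rule(1, "permit", "10.1.1.0/24"),
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(SAMPLE_RULES, order, "10.1.1.5"))
```

The same packet from 10.1.1.5 is denied under config order (rule 0 wins) but permitted under auto order (the /24 rule is tried first), which is why the match order must be settled before rules are added.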
An ACL is referenced by an upper-layer module when it is

- Referenced by route policies
- Used to control login users