1 acl configuration, Acl overview, Acl configuration – H3C Technologies H3C S3600 Series Switches User Manual
Page 706
1-1
1
ACL Configuration
When configuring ACL, go to these sections for information you are interested in:
z
z
z
Displaying and Maintaining ACL Configuration
z
Examples for Upper-layer Software Referencing ACLs
z
Examples for Applying ACLs to Hardware
z
The feature of IPv6 ACL is newly added, which is described in
z
Only S3600-SI series Ethernet switches support IPv6 ACL.
ACL Overview
As the network scale and network traffic are increasingly growing, security control and
bandwidth assignment play a more and more important role in network management.
Filtering data packets can prevent a network from being accessed by unauthorized users
efficiently while controlling network traffic and saving network resources. Access Control
Lists (ACLs) are often used to filter packets with configured matching rules.
Upon receiving a packet, the switch compares the packet with the rules of the ACL applied
on the current port to permit or discard the packet.
The rules of an ACL can be referenced by other functions that need traffic classification,
such as QoS.
ACLs classify packets using a series of conditions known as rules. The conditions can be
based on source addresses, destination addresses and port numbers carried in the
packets.
According to their application purposes, ACLs fall into the following categories.
z
Basic ACL. Rules are created based on source IP addresses only.
z
Advanced ACL. Rules are created based on the Layer 3 and Layer 4 information such
as the source and destination IP addresses, type of the protocols carried by IP,
protocol-specific features, and so on.
z
Layer 2 ACL. Rules are created based on the Layer 2 information such as source and
destination MAC addresses, VLAN priorities, type of Layer 2 protocol, and so on.