Huawei Quidway S3500 Series Operation Manual page 328

Operation Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches
Note:
For S3526 switch, packet-filter function only supports rules which action is deny, and
other QoS functions such as configure priority marking, configure traffic mirroring and
configure traffic statistics supports rules which action is permit. But in some case the
permit ACL and deny ACL can be matched for the same time. For example, ACL 3000
has rule 0 and rule 1, rule 0 is deny rule, rule 1 is permit rule. Packet-filter function cites
ACL 100 rule 0, traffic statistics cites ACL 100 rule 1, then match order is first match the
deny rule then permit rule.
The case includes: ACL cited by QoS function, ACL used for filter the packet
transmitted by the hardware. etc.
II. Case of filtering or classifying data transmitted by the software
ACL can be used to filter or classify the data treated by the software of switch. In this
case, the match order of ACL's sub-rules can be determined by the user. There are two
match-orders: config (by following the user-defined configuration order when matching
the rule) and auto (according to the system sorting automatically when matching the
rule, i.e. in depth-first order). Once the user specifies the match-order of an access
control rule, he cannot modify it later, unless he deletes all the content and specifies the
match-order again.
The case includes: ACL cited by route policy function, ACL used for control logon user,
etc.
Huawei Technologies Proprietary
1-2
Chapter 1 ACL Configuration