Configuring ACLs
The Web interface provides the following ACL configuration functions:
• Configuring an IPv4 ACL
• Configuring a rule for a basic IPv4 ACL
• Configuring a rule for an advanced IPv4 ACL
• Configuring a rule for an Ethernet frame header ACL
Overview
An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on
criteria such as source IP address, destination IP address, and port number.
ACLs are essentially used for packet filtering. A packet filter drops packets that match a deny rule and
permits packets that match a permit rule. ACLs are also widely used by many modules (for example, QoS
and IP routing) for traffic identification.
IPv4 ACLs include the following categories, as shown in Table 110.
Table 110 IPv4 ACL categories
Category                      ACL number      Match criteria
Basic ACLs                    2000 to 2999    Source IPv4 address
Advanced ACLs                 3000 to 3999    Source/destination IPv4 address, protocol number, and other Layer 3 and Layer 4 header fields
Ethernet frame header ACLs    4000 to 4999    Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type
For more information about IPv4 ACL, see ACL and QoS Configuration Guide in HP MSR Router Series
Configuration Guides (V5).
Recommended IPv4 ACL configuration procedure
Step                                                         Remarks
1. Configuration guidelines.                                 Required. The category of the added ACL depends on the ACL number that you specify.
2. Configuring a rule for a basic IPv4 ACL.                  Required. Complete one of these tasks according to the ACL category.
3. Configuring a rule for an advanced IPv4 ACL.              Required. Complete one of these tasks according to the ACL category.
4. Configuring a rule for an Ethernet frame header ACL.      Required. Complete one of these tasks according to the ACL category.
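The following Python sketch is an added example, not taken from the HP guide: it uses the number ranges and match criteria from Table 110 to flag rules whose match fields do not fit the ACL's category, and applies the permit/deny logic described in the overview. The field names, the listed-order first-match evaluation, and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Number ranges and match criteria from Table 110; field names are hypothetical.
CATEGORIES = {
    "basic": (range(2000, 3000), {"src"}),
    "advanced": (range(3000, 4000), {"src", "dst", "protocol", "dst_port"}),
    "ethernet": (range(4000, 5000), {"src_mac", "dst_mac", "dot1p", "l2_type"}),
}

def category(acl_number):
    """Return (name, allowed match fields) for an IPv4 ACL number."""
    for name, (numbers, fields) in CATEGORIES.items():
        if acl_number in numbers:
            return name, fields
    raise ValueError(f"{acl_number} is outside 2000 to 4999")

def validate(acl_number, rules):
    """List rules whose action or match fields do not fit the ACL's category."""
    name, allowed = category(acl_number)
    problems = []
    for index, (action, match) in enumerate(rules):
        if action not in ("permit", "deny"):
            problems.append(f"rule {index}: unknown action {action!r}")
        extra = sorted(set(match) - allowed)
        if extra:
            problems.append(f"rule {index}: {extra} not valid in a {name} ACL")
    return problems

def field_matches(field, wanted, packet):
    if field not in packet:
        return False
    if field in ("src", "dst"):  # addresses are matched as CIDR prefixes
        return ipaddress.ip_address(packet[field]) in ipaddress.ip_network(wanted)
    return packet[field] == wanted

def evaluate(rules, packet):
    """Return the action of the first matching rule, or None if none matches.
    Assumption: rules are checked in listed order; the page does not state
    the match order or what happens to unmatched packets."""
    for action, match in rules:
        if all(field_matches(f, v, packet) for f, v in match.items()):
            return action
    return None

# Constructed sample rules: a basic ACL (2000) and an advanced ACL (3000).
ACL_2000 = [("deny", {"src": "10.1.1.0/24"}), ("permit", {"src": "10.1.0.0/16"})]
ACL_3000 = [("deny", {"dst": "192.0.2.10/32", "protocol": 6, "dst_port": 23}),
            ("permit", {"src": "10.1.0.0/16"})]
```

Running `validate(2000, ACL_3000)` shows why the ACL number matters: the same rule set that is valid under an advanced number is rejected under a basic one.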