Application Of Acls On The Switch; Acl Classification - H3C S7500E Series Configuration Manual


efficiently prevent illegal users from accessing networks and to control network traffic and save
network resources. Access control lists (ACLs) are often used to filter packets with configured matching
rules.
ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass and
what should be rejected based on matching criteria such as source MAC address, destination MAC
address, source IP address, destination IP address, and port number.

Application of ACLs on the Switch

The switch supports two ACL application modes:

- Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL
  can be referenced by QoS for traffic classification. Note that when an ACL is referenced to
  implement QoS, the actions defined in the ACL rules, deny or permit, do not take effect; actions to
  be taken on packets matching the ACL depend on the traffic behavior definition in QoS. For details
  about traffic behavior, see QoS Configuration Approaches in ACL and QoS Configuration Guide.
- Software-based application: An ACL is referenced by a piece of upper layer software. For
  example, an ACL can be referenced to configure login user control behavior, thus controlling
  Telnet, SNMP and Web users. Note that when an ACL is referenced by the upper layer software,
  actions to be taken on packets matching the ACL depend on those defined by the ACL rules. For
  details about login user control, see User Login Control in Fundamentals Configuration Guide.

When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic
classification, the switch does not take action according to the traffic behavior definition on a
packet that does not match the ACL.

When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users,
the switch denies all packets that do not match the ACL.
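
A simplified Python model of the two application modes described above (an added example, not H3C code or switch CLI syntax). It assumes rules are evaluated in listed order with the first match winning, and source-prefix matching as for a basic IPv4 ACL; the rule set, the addresses and the `remark-dscp` behavior label are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str    # "permit" or "deny"
    network: str   # source IPv4 prefix (a basic ACL matches on source address only)

def first_match(rules, src_ip):
    """Return the first rule whose prefix contains src_ip, else None.
    Assumption: listed order, first match wins."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.network):
            return rule
    return None

def software_verdict(rules, src_ip):
    """ACL referenced by upper layer software (Telnet/SNMP/Web login control):
    the rule's own action applies, and a packet matching no rule is denied."""
    rule = first_match(rules, src_ip)
    return rule.action if rule else "deny"

def qos_verdict(rules, src_ip, behavior):
    """ACL referenced by QoS for traffic classification: permit/deny in the
    rule is ignored. A match receives the traffic behavior; a packet that
    matches no rule receives no QoS action."""
    return behavior if first_match(rules, src_ip) else "no-qos-action"

# Constructed sample ACL using documentation address ranges (RFC 5737).
MGMT_ACL = [
    Rule("deny", "192.0.2.66/32"),
    Rule("permit", "192.0.2.0/24"),
]

def audit(rules, sources, behavior="remark-dscp"):
    """Map each source IP to (software-mode verdict, QoS-mode outcome)."""
    return {ip: (software_verdict(rules, ip), qos_verdict(rules, ip, behavior))
            for ip in sources}

if __name__ == "__main__":
    sample = ["192.0.2.10", "192.0.2.66", "198.51.100.7"]
    for ip, (sw, hw) in audit(MGMT_ACL, sample).items():
        print(f"{ip:15} software={sw:7} qos={hw}")
```

The second sample address is the case to check when reviewing a configuration: the same deny rule blocks a login in software-based application but only classifies traffic when the ACL is referenced by QoS.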

ACL Classification

ACLs fall into three categories, as shown in Table 1-1.

Table 1-1 ACL categories

| Category      | ACL number   | IP version | Match criteria |
|---------------|--------------|------------|----------------|
| Basic ACLs    | 2000 to 2999 | IPv4       | Source IPv4 address |
| Basic ACLs    | 2000 to 2999 | IPv6       | Source IPv6 address |
| Advanced ACLs | 3000 to 3999 | IPv4       | Source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields |
