Acl Configuration; Acl Overview; Acl Applications On The Switch; Acl Categories - HP A5120 EI Series Configuration Manual

ACL configuration

NOTE:
Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document..

ACL overview

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on
criteria such as source IP address, destination IP address, and port number.
ACLs are primarily used for packet filtering. A packet filter drops packets that match a deny rule and
permits packets that match a permit rule. ACLs are also used by many modules, for example, QoS and IP
routing, for traffic classification and identification.

ACL applications on the switch

An ACL is implemented in hardware or software, depending on the module that uses it. If the module, the
packet filter or QoS module for example, is implemented in hardware, the ACL is applied to hardware to
process traffic. If the module, the routing or user interface access control module (Telnet, SNMP, or web)
for example, is implemented in software, the ACL is applied to software to process traffic.
The user interface access control module denies packets that do not match any ACL. Some modules, QoS
for example, ignore the permit or deny action in ACL rules and do not base their drop or forwarding
decisions on the action set in ACL rules. See the specific module for information about ACL application.

ACL categories

Category
Basic ACLs
Advanced ACLs
Ethernet frame
header ACLs
ACL number IP version
IPv4
2000 to 2999
IPv6
IPv4
3000 to 3999
IPv6
4000 to 4999 IPv4 and IPv6
Match criteria
Source IPv4 address
Source IPv6 address
Source IPv4 address, destination IPv4 address,
protocols over IPv4, and other Layer 3 and
Layer 4 header fields
Source IPv6 address, destination IPv6 address,
protocols over IPv6, and other Layer 3 and
Layer 4 header fields
Layer 2 header fields, such as source and
destination MAC addresses, 802.1p priority,
and link layer protocol type
1