Ipv4 Acl - H3C S3610-28P Operation Manual

Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Software-based application: An ACL is referenced by a piece of upper layer
software. For example, an ACL can be referenced to configure login user control
behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is
reference by the upper layer software, actions to be taken on packets matching
the ACL depend on those defined by the ACL rules. For details about login user
control, refer to the part about login configuration in this manual.
Note:
When an ACL is assigned to a piece of hardware and referenced by a QoS policy for
traffic classification, the device does not take action according to the traffic behavior
definition on a packet that does not match the ACL.
When an ACL is referenced by a piece of software to control Telnet, SNMP, and
Web login users, the device denies all packets that do not match the ACL.

1.2 IPv4 ACL

This section covers these topics:
IPv4 ACL Classification
IPv4 ACL Naming
IPv4 ACL Match Order
IP Fragments Filtering with IPv4 ACL
1.2.1 IPv4 ACL Classification
IPv4 ACLs, identified by ACL numbers, fall into the following four categories:
Basic IPv4 ACL, based on source IP address. Basic ACLs are numbered 2000
through 2999.
Advanced IPv4 ACL, based on source IP address, destination IP address,
protocol carried on IP, and other Layer 3 or Layer 4 protocol header information.
Advanced ACLs are numbered 3000 through 3999.
Ethernet frame header ACL, based on Layer 2 protocol header fields such as
source MAC address, destination MAC address, 802.1p priority, and link layer
protocol type. Ethernet frame header ACLs are numbered 4000 through 4999.
User-defined ACL, based on customized information. By defining a user-defined
ACL, you can specify which bytes starting from the Layer 2 header or IP header
should match the user-defined string. User-defined ACLs are numbered 5000
through 5999.
1-2
Chapter 1 ACL Overview