Introduction to the ACL; Classification of ACLs Supported by the S9300 - Huawei Quidway S9300 Configuration Manual

Terabit Routing Switch V100R001C03
8 ACL Configuration

8.1 Introduction to the ACL

This section describes the basic concepts and parameters of an ACL.
To filter packets, a set of rules must be configured on the S9300 to determine which data packets are allowed through. These rules are defined in an ACL.
An ACL is an ordered list of rules, each of which is a permit or deny clause. A clause is described in terms of packet fields such as the source address, destination address, and port number. The ACL classifies packets according to these rules; once the rules are applied to interfaces on the S9300, the switch can determine which packets are accepted and which are rejected.

8.2 Classification of ACLs Supported by the S9300

This section describes the classification of ACLs supported by the S9300.

Classification of ACLs

The S9300 supports basic ACLs, advanced ACLs, and Ethernet frame header ACLs.
- Basic ACLs: classify data packets according to their source address, fragmentation flag, and effective time range.
- Advanced ACLs: classify data packets at a finer granularity, according to source address, destination address, source port number, destination port number, protocol type, precedence, and effective time range.
- Ethernet frame header ACLs: classify data packets according to source MAC address, destination MAC address, and protocol type.

NOTE
Currently, the QinQ interfaces of the S9300 do not support ACLs.

Application of ACLs

ACLs defined on the S9300 can be applied in the following scenarios:
- Hardware-based application: The ACL is delivered to the hardware. For example, when QoS is configured, the ACL is referenced to classify packets. Note that when the ACL is referenced by QoS, packets matching a rule in deny mode are discarded, whereas packets matching a rule in permit mode are processed by the S9300 according to the action defined by the QoS traffic behavior. For details on traffic behavior, see the Quidway S9300 Terabit Routing Switch Configuration Guide - QoS.
- Software-based application: The ACL is referenced by upper-layer software. For example, when login user control is configured, you can use an ACL to control FTP users; when the S9300 functions as a TFTP client, you can configure an ACL to specify the TFTP servers that the S9300 is permitted to access. When the ACL is referenced by upper-layer software, packets matching the ACL are processed according to the permit or deny action defined in the ACL itself. For details on login user control, see the Quidway S9300 Terabit Routing Switch Configuration Guide - Basic Configurations.
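The following configuration fragment is an added illustration of the three ACL types and the two application modes described above; it is not taken from this manual. The command syntax follows general Huawei VRP conventions as the editor understands them, and the ACL numbers (2000, 3000, 4000), the time-range name, the addresses, the interface name, and the ftp/tftp-server/QoS command keywords are all assumptions that must be checked against the S9300 command reference for your software version before use. Lines beginning with # are annotations, not commands.

```text
# Added example, not from the Huawei manual. All commands, numbers and
# addresses are assumptions; verify against the S9300 command reference.

# Effective time range referenced by the basic ACL below (assumed syntax).
time-range work-hours 08:00 to 18:00 working-day

# Basic ACL (assumed number range 2000-2999): source address, fragment
# flag and time range only. Rules are evaluated in ascending rule-id
# order, so the catch-all deny must carry the higher rule id.
acl number 2000
 rule 5 permit source 10.1.1.0 0.0.0.255 time-range work-hours
 rule 10 deny source any

# Advanced ACL (assumed range 3000-3999): source/destination address,
# protocol and ports. Only Telnet from the management subnet to one
# server is permitted; all other IP traffic matches the deny rule.
acl number 3000
 rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination 10.2.2.2 0 destination-port eq 23
 rule 10 deny ip

# Ethernet frame header ACL (assumed range 4000-4999): MAC addresses
# and protocol type.
acl number 4000
 rule 5 permit source-mac 00e0-fc01-0001 ffff-ffff-ffff

# Software-based application: the ACL's own permit/deny is enforced.
# Restrict VTY (Telnet/SSH) logins to the management subnet.
user-interface vty 0 4
 acl 2000 inbound
# Restrict FTP users, and the TFTP servers this switch may contact
# as a client (assumed commands).
ftp acl 2000
tftp-server acl 2000

# Hardware-based application through QoS: a deny match discards the
# packet; a permit match hands the packet to the traffic behavior.
traffic classifier mgmt-telnet
 if-match acl 3000
traffic behavior mark-high
 remark dscp 46
traffic policy mgmt
 classifier mgmt-telnet behavior mark-high
interface GigabitEthernet 1/0/1
 traffic-policy mgmt inbound
```

Two points worth checking when adapting this: in the QoS case, the deny rule in ACL 3000 silently discards traffic rather than simply excluding it from the traffic behavior, so a classifier ACL that was written for filtering can drop more than intended; and because the manual states that QinQ interfaces do not support ACLs, a traffic policy referencing an ACL should not be expected to take effect on such an interface.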
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)
