Configuring ACLs; Overview; ACL Types; Numbering and Naming ACLs - HP FlexNetwork MSR Series Configuration Manuals

Comware 7 ACL and QoS

Configuring ACLs

Overview

An access control list (ACL) is a set of rules for identifying traffic based on criteria such as source IP
address, destination IP address, and port number. The rules are also called permit or deny
statements.
ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs" provides an
example. You can use ACLs in QoS, security, routing, and other modules for identifying traffic. The
packet drop or forwarding decisions depend on the modules that use ACLs.

ACL types

| Type          | ACL number   | IP version    | Match criteria |
|---------------|--------------|---------------|----------------|
| Basic ACLs    | 2000 to 2999 | IPv4          | Source IPv4 address. |
| Basic ACLs    | 2000 to 2999 | IPv6          | Source IPv6 address. |
| Advanced ACLs | 3000 to 3999 | IPv4          | Source IPv4 address, destination IPv4 address, packet priority, protocol number, and other Layer 3 and Layer 4 header fields. |
| Advanced ACLs | 3000 to 3999 | IPv6          | Source IPv6 address, destination IPv6 address, packet priority, protocol number, and other Layer 3 and Layer 4 header fields. |
| Layer 2 ACLs  | 4000 to 4999 | IPv4 and IPv6 | Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type. |

Numbering and naming ACLs

When creating an ACL, you must assign it a number or name for identification. You can specify an
existing ACL by its number or name. Each ACL type has a unique range of ACL numbers.
For an IPv4 basic or advanced ACL, its ACL number or name must be unique in IPv4. For an IPv6
basic or advanced ACL, its ACL number and name must be unique in IPv6. For an ACL of a type
other than IPv4 or IPv6, its ACL number or name must be globally unique.

Match order

The rules in an ACL are sorted in a specific order. When a packet matches a rule, the device stops
the match process and performs the action defined in the rule. If an ACL contains overlapping or
conflicting rules, the matching result and action to take depend on the rule order.
The following ACL match orders are available:
config—Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before
a rule with a higher ID. If you use this method, check the rules and their order carefully.
auto—Sorts ACL rules in depth-first order. Depth-first ordering makes sure any subset of a rule
is always matched before the rule. Table 1 lists the sequence of tie breakers that depth-first
ordering uses to sort rules for each type of ACL.
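The effect of the two match orders on overlapping rules, shown as an added example that is not from the HP manual: a simplified Python model of a basic IPv4 ACL that evaluates first-match and reports rules that can never match. It assumes source ranges are CIDR prefixes and approximates depth-first ordering as longest prefix first, then lower rule ID; the rule set and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules for a basic IPv4 ACL: (rule ID, action, source range).
# Assumption: source ranges are modeled as CIDR prefixes, not wildcard masks.
RULES = [
    (0, "deny", ipaddress.ip_network("10.1.0.0/16")),
    (5, "permit", ipaddress.ip_network("10.1.1.0/24")),
    (10, "permit", ipaddress.ip_network("192.168.0.0/24")),
]


def order_rules(rules, match_order="config"):
    """Return the rules in the order they are evaluated."""
    if match_order == "config":
        # Ascending rule ID.
        return sorted(rules, key=lambda r: r[0])
    if match_order == "auto":
        # Simplified depth-first: narrower source range first, then lower ID.
        return sorted(rules, key=lambda r: (-r[2].prefixlen, r[0]))
    raise ValueError("match_order must be 'config' or 'auto'")


def first_match(rules, src, match_order="config"):
    """Return (rule ID, action) of the first matching rule, or None.

    None means no rule matched; what happens then depends on the module
    that uses the ACL.
    """
    addr = ipaddress.ip_address(src)
    for rule_id, action, net in order_rules(rules, match_order):
        if addr in net:
            return rule_id, action
    return None


def shadowed_rules(rules, match_order="config"):
    """List (rule ID, covering rule ID, actions_conflict) for unreachable rules.

    A rule is unreachable when an earlier rule's range contains its whole range.
    """
    ordered = order_rules(rules, match_order)
    found = []
    for i, (rule_id, action, net) in enumerate(ordered):
        for prev_id, prev_action, prev_net in ordered[:i]:
            if net.subnet_of(prev_net):
                found.append((rule_id, prev_id, action != prev_action))
                break
    return found
```

In config order, rule 5 is never reached because rule 0 covers its whole range with the opposite action, which is the kind of ordering mistake the manual's advice to check rule order is meant to catch.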
