Chapter 7 Global Acl Configuration; Global Acl Overview - H3C S9500 Series Operating Manual

Operation Manual – QoS
H3C S9500 Series Routing Switches

Chapter 7 Global ACL Configuration

When configuring global ACL, go to these sections for information you are interested in:

Global ACL Overview

Global ACL Configuration
Global ACL Configuration Example
7.1 Global ACL Overview
Global ACL is a board-based function, which enables you to conveniently manage your
network. With global ACL, you can apply an ACL to a board to control the traffic on all
ports of the board, without the need of applying the ACL to individual ports on the board
one by one. This saves resources and takes convenience to you.
Note:
In matching, globally configured ACL rules take precedence over the ACL rules
configured on a port or VLAN.
Any interface board with C, CA, CB, DA, DB, or DC suffix in its name supports the
global ACL function.
The OAP module does not support globally ACL configuration.
The S9500 series routing switches do not support global ACL configuration on
boards configured with cross-board link aggregation.
If a user-defined flow template is used for global ACL, you need to apply the
template both globally and on the ports where global ACL rules will be applied;
otherwise, global ACL configuration may not take effect. If the default flow template
is used, you need not to apply the flow template to ports.
For the S9502, if you replace the interface board in slot 1 with a main control board,
the global ACL rules originally applied to the interface board will be deleted after
primary/secondary switchover.
Chapter 7 Global ACL Configuration
7-1