Application of ACLs on the Switch; ACL Classification - H3C S5120-EI Series Configuration Manual

ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass and
what should be rejected based on matching criteria such as source MAC address, destination MAC
address, source IP address, destination IP address, and port number.

Application of ACLs on the Switch

The switch supports two ACL application modes:

Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL can be referenced by QoS for traffic classification. Note that when an ACL is referenced to implement QoS, the actions defined in the ACL rules, deny or permit, do not take effect; the actions taken on packets matching the ACL depend on the traffic behavior definition in QoS. For details about traffic behavior, see QoS Configuration Approaches in the ACL and QoS Configuration Guide.

Software-based application: An ACL is referenced by a piece of upper layer software. For example, an ACL can be referenced to configure login user control behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is referenced by the upper layer software, the actions taken on packets matching the ACL are those defined by the ACL rules. For details about login user control, see User Login Control in the Fundamentals Configuration Guide.

When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not apply the traffic behavior definition to a packet that does not match the ACL.

When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users, the switch denies all packets that do not match the ACL.
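The difference between the two application modes, modelled in Python as an added example (not code from the H3C manual or the switch software): the same basic ACL gives different outcomes for a source that hits a deny rule and for a source that matches no rule. Assumptions: rules are checked in the order listed, sources are written as prefixes, and the ACL contents, addresses and the "rate-limit" behavior label are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    source: str   # source IPv4 prefix; basic ACLs match on source address only

@dataclass(frozen=True)
class BasicAcl:
    number: int
    rules: tuple

    def __post_init__(self):
        # Table 1-1: basic ACLs are numbered 2000 to 2999.
        if not 2000 <= self.number <= 2999:
            raise ValueError("basic ACL number must be in 2000..2999")

    def first_match(self, src):
        """Return the first rule whose source prefix contains src, else None.
        Assumption: rules are checked in the order listed."""
        addr = ipaddress.ip_address(src)
        for rule in self.rules:
            if addr in ipaddress.ip_network(rule.source):
                return rule
        return None

def login_control(acl, src):
    """Software-based application: the rule's own action decides, and a
    source that matches no rule is denied."""
    rule = acl.first_match(src)
    return rule.action if rule else "deny"

def qos_classify(acl, src, behavior):
    """Hardware-based application via QoS: permit/deny is ignored; any
    match gets the traffic behavior, a non-match gets no QoS action."""
    return behavior if acl.first_match(src) else None

# Constructed sample ACL and addresses (documentation ranges).
ACL_2000 = BasicAcl(2000, (
    Rule("deny", "192.0.2.66/32"),
    Rule("permit", "192.0.2.0/24"),
))

if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.66", "198.51.100.7"):
        print(src, login_control(ACL_2000, src),
              qos_classify(ACL_2000, src, "rate-limit"))
```

The case to check when reusing an ACL is 192.0.2.66: login control rejects it, but a QoS classifier referencing the same ACL still treats it as a match and applies the behavior.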
For details of ACL application for packet filtering, see Applying an ACL for Packet Filtering.

ACL Classification

ACLs fall into three categories, as shown in Table 1-1.

Table 1-1 ACL categories

| Category | ACL number | IP version | Match criteria |
|---|---|---|---|
| Basic ACLs | 2000 to 2999 | IPv4 | Source IPv4 address |
| Basic ACLs | 2000 to 2999 | IPv6 | Source IPv6 address |
| Advanced ACLs | 3000 to 3999 | IPv4 | Source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields |