Acl Configuration; Acl Overview; Introduction To Ipv4 Acl - 3Com Baseline 2928 PWR Plus User Manual

1

ACL Configuration

ACL Overview

With the growth of network scale and network traffic, network security and bandwidth allocation become
more and more critical to network management. Packet filtering can be used to efficiently prevent illegal
access to networks and to control network traffic and save network resources. One way to implement
packet filtering is to use access control lists (ACLs).
An ACL is a set of rules (or a set of permit or deny statements) for determining which packets can pass
and which ones should be rejected based on matching criteria such as source address, destination
address, and port number. ACLs are widely used with technologies such as QoS, where traffic
identification is desired.

Introduction to IPv4 ACL

IPv4 ACL Classification
IPv4 ACLs, identified by ACL numbers, fall into three categories, as shown in
Table 1-1 IPv4 ACL categories
Category
Basic IPv4 ACL
Advanced IPv4 ACL
Ethernet frame
header ACL
IPv4 ACL Match Order
An ACL may consist of multiple rules, which specify different matching criteria. These criteria may have
overlapping or conflicting parts. The match order is for determining how packets should be matched
against the rules.
There are two types of IPv4 ACL match orders:
config: Packets are compared against ACL rules in the order that the rules are configured.
auto: Packets are compared against ACL rules in the depth-first match order.
The term depth-first match has different meanings for different types of IPv4 ACLs, as shown in
1-2.
ACL number
2000 to 2999
3000 to 3999
4000 to 4999
1-1
Matching criteria
Source IP address
Source IP address, destination IP address,
protocol carried over IP, and other Layer 3 or Layer
4 protocol header information
Layer 2 protocol header fields such as source MAC
address, destination MAC address, 802.1p
precedence, and link layer protocol type
Table 1-1.
Table