Types Of Acls Supported By S5100 Series Ethernet Switches - H3C S5100-SI Series Operation Manual

Operation Manual – ACL
H3C S5100-SI/EI Series Ethernet Switches
II. Being referenced by upper-level software
ACLs can also be used to filter and classify the packets to be processed by software. In
this case, the rules in an ACL can be matched in one of the following two ways:
config, where rules in an ACL are matched in the order defined by the user.
auto, where the rules in an ACL are matched in the order determined by the
system, namely the "depth-first" order.
When applying an ACL in this way, you can specify the order in which the rules in the
ACL are matched. The match order cannot be modified once it is determined, unless
you delete all the rules in the ACL and define the match order.
An ACL can be referenced by upper-layer software:
Referenced by routing policies
Used to control Telnet, SNMP and Web login users
Note:
When an ACL is directly applied to hardware for packet filtering, the switch will
permit packets if the packets do not match the ACL.
When an ACL is referenced by upper-layer software to control Telnet, SNMP and
Web login users, the switch will deny packets if the packets do not match the ACL.

1.1.3 Types of ACLs Supported by S5100 Series Ethernet Switches

S5100-SI Series Ethernet switches support the following types of ACLs.
Basic ACLs
Advanced ACLs
Note that ACLs defined on S5100-SI series Ethernet switches can only be referenced
by upper-layer software for packet filtering. They cannot be applied to hardware
S5100-EI Series Ethernet switches support the following types of ACLs.
Basic ACLs
Advanced ACLs
Layer 2 ACLs
Note that ACLs defined on S5100-EI Series Ethernet switches can be applied to
hardware directly or referenced by upper-layer software for packet filtering.
1-3
Chapter 1 ACL Configuration