Chapter 1 Acl Configuration; Acl Overview - H3C S5600 Series Operation Manual

Operation Manual – ACL
H3C S5600 Series Ethernet Switches

Chapter 1 ACL Configuration

When configuring ACL, go to these sections for information you are interested in:

ACL Overview

ACL Configuration Task List
Displaying and Maintaining ACL Configuration
Examples for Upper-layer Software Referencing ACLs
Examples for Applying ACLs to Hardware
Note:
The feature of applying ACL rules to a VLAN is newly added, which is described in
Applying ACLs to a
The feature of configuring VLAN information for Layer 2 ACLs is newly added, which
is described in
1.1 ACL Overview
As the network scale and network traffic are increasingly growing, security control and
bandwidth assignment play a more and more important role in network management.
Filtering data packets can prevent a network from being accessed by unauthorized
users efficiently while controlling network traffic and saving network resources. Access
Control Lists (ACLs) are often used to filter packets with configured matching rules.
Upon receiving a packet, the switch compares the packet with the rules of the ACL
applied on the current port to permit or discard the packet.
The rules of an ACL can be referenced by other functions that need traffic classification,
such as QoS.
ACLs classify packets using a series of conditions known as rules. The conditions can
be based on source addresses, destination addresses and port numbers carried in the
packets.
According to their application purposes, ACLs fall into the following four types.
Basic ACL. Rules are created based on source IP addresses only.
Advanced ACL. Rules are created based on the Layer 3 and Layer 4 information
such as the source and destination IP addresses, type of the protocols carried by
IP, protocol-specific features, and so on.
VLAN.
Configuring Layer 2 ACL.
1-1
Chapter 1 ACL Configuration