Ways To Apply An Acl On A Switch - H3C S5600 Series Operation Manual

Operation Manual – ACL
H3C S5600 Series Ethernet Switches
- The remaining weighting value of a rule is a fixed weighting value minus the
  weighting value of every parameter of the rule. The smaller the remaining value,
  the higher the match priority.
- If the types of parameter are the same for multiple rules, the sum of the
  parameters' weighting values of a rule determines its priority. The smaller the sum,
  the higher the match priority.

1.1.2 Ways to Apply an ACL on a Switch

I. Being applied to the hardware directly

In the switch, an ACL can be directly applied to hardware for packet filtering and traffic
classification. In this case, the rules in an ACL are matched in the order determined by
the hardware instead of the order defined in the ACL. For S5600 series Ethernet switches,
the later a rule is applied, the higher its match priority.

ACLs are directly applied to hardware when they are used for:
- Implementing QoS
- Filtering the packets to be forwarded

II. Being referenced by upper-layer software

ACLs can also be used to filter and classify the packets to be processed by software. In
this case, the rules in an ACL can be matched in one of the following two ways:
- config, where the rules in an ACL are matched in the order defined by the user.
- auto, where the rules in an ACL are matched in the order determined by the
  system, namely the "depth-first" order (Layer 2 ACLs and user-defined ACLs do
  not support this feature).

When applying an ACL in this way, you can specify the order in which the rules in the
ACL are matched. Once the match order is determined, it cannot be modified unless
you delete all the rules in the ACL and then define the match order again.

An ACL can be referenced by upper-layer software in the following ways:
- Referenced by routing policies
- Used to control Telnet, SNMP and Web login users

Note:
- When an ACL is directly applied to hardware for packet filtering, the switch will
  permit packets if the packets do not match the ACL.
- When an ACL is referenced by upper-layer software to control Telnet, SNMP and
  Web login users, the switch will deny packets if the packets do not match the ACL.
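
The following Python model is an added illustration, not part of the H3C manual and not switch code. It evaluates one ACL under the two behaviours described above: hardware packet filtering (later-applied rule wins, unmatched packets permitted) and login control in config order (user-defined order, unmatched packets denied). The rule format, the addresses and the assumption that rules are applied to hardware in the order listed are constructed for the example.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    source: str  # source prefix in CIDR form (constructed sample values)


def evaluate(rules, src_ip, applied_as):
    """Return "permit" or "deny" for src_ip under one application mode.

    applied_as="hardware": ACL applied directly to hardware for packet
        filtering. Assumption: rules are applied in the order listed, so the
        last rule has the highest priority. No match means permit.
    applied_as="login": ACL referenced by software, config match order, to
        control Telnet/SNMP/Web login. Rules are checked in the order the
        user defined them. No match means deny.
    """
    if applied_as == "hardware":
        ordered, default = list(reversed(rules)), "permit"
    elif applied_as == "login":
        ordered, default = list(rules), "deny"
    else:
        raise ValueError(f"unknown mode: {applied_as}")
    addr = ipaddress.ip_address(src_ip)
    for rule in ordered:
        if addr in ipaddress.ip_network(rule.source):
            return rule.action
    return default


# Constructed sample ACL: allow one management host, deny the rest of its subnet.
SAMPLE_ACL = [
    Rule("permit", "192.0.2.10/32"),
    Rule("deny", "192.0.2.0/24"),
]


def compare(src_ip, rules=SAMPLE_ACL):
    """Verdicts for the same ACL and source address under both modes."""
    return {mode: evaluate(rules, src_ip, mode) for mode in ("hardware", "login")}


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "198.51.100.5"):
        print(ip, compare(ip))
```

In this model the management host is permitted for login control but dropped by the hardware filter, because the broader deny rule was applied later, and an address outside both rules is forwarded by the hardware filter while being refused as a login source.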
Chapter 1 ACL Configuration

This manual is also suitable for:

S5600-26c, S5600-26c-pwr, S5600-26f, S5600-50c, S5600-50c-pwr
