Chapter 1 ACL Overview; Introduction to ACL; Application of ACLs on the Switch - H3C S5500-EI series Operation Manual

Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
To filter traffic, network devices use sets of rules, called access control lists
(ACLs), to identify and handle packets.
When configuring ACLs, go to these chapters for information you are interested in:
ACL Overview
IPv4 ACL Configuration
IPv6 ACL Configuration
Note:
Unless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs throughout this
document.

1.1 Introduction to ACL

1.1.1 Introduction
As networks grow in scale and traffic volume, network security and bandwidth
allocation become more and more critical to network management. Packet filtering
can be used to efficiently prevent illegal users from accessing networks, to control
network traffic, and to save network resources. Access control lists (ACLs) are often
used to filter packets with configured matching rules.
ACLs are sets of rules (or sets of permit or deny statements) that decide which packets
can pass and which should be rejected, based on matching criteria such as source MAC
address, destination MAC address, source IP address, destination IP address, and port
number.

1.1.2 Application of ACLs on the Switch

The switch supports two ACL application modes:
Hardware-based application: An ACL is assigned to a piece of hardware. For
example, an ACL can be referenced by QoS for traffic classification. Note that
when an ACL is referenced to implement QoS, the actions defined in the ACL
rules, deny or permit, do not take effect; actions to be taken on packets matching
the ACL depend on the traffic behavior definition in QoS. For details about traffic
behavior, refer to the QoS part in this manual.
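The difference between an ACL that filters and an ACL that QoS references for traffic classification can be shown with a small model. This is an added example, not code or configuration from the H3C manual; the rule fields, first-match evaluation, the "permit" default for unmatched packets, the behavior label and the sample packets are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # source IP prefix
    dst: str = "0.0.0.0/0"        # destination IP prefix
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def first_match(acl, pkt):
    """Return the first rule matching pkt, or None (first-match order is assumed)."""
    return next((rule for rule in acl if rule.matches(pkt)), None)

def packet_filter(acl, pkt):
    """ACL used for filtering: the matching rule's own permit/deny decides."""
    rule = first_match(acl, pkt)
    return rule.action if rule else "permit"   # default for no match is assumed

def qos_apply(acl, behavior, pkt):
    """ACL referenced by QoS: a match only selects the traffic. The rule's
    permit/deny is ignored and the traffic behavior is applied instead."""
    return behavior if first_match(acl, pkt) else "unclassified"

# Constructed sample data (documentation-style addresses, hypothetical behavior).
ACL = [
    Rule("deny", src="10.1.1.0/24", dport=23),   # Telnet from one subnet
    Rule("permit", src="10.1.0.0/16"),
]
BEHAVIOR = "rate-limit"
TELNET = {"src": "10.1.1.5", "dst": "192.0.2.10", "dport": 23}
WEB = {"src": "10.1.2.7", "dst": "192.0.2.10", "dport": 80}
OUTSIDE = {"src": "172.16.0.1", "dst": "192.0.2.10", "dport": 80}

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET), ("web", WEB), ("outside", OUTSIDE)):
        print(name, packet_filter(ACL, pkt), qos_apply(ACL, BEHAVIOR, pkt))
```

In the model, the Telnet packet hits the deny rule in both cases, but only the filtering path rejects it; under QoS it is classified and handled by the traffic behavior, so a deny rule in a QoS-referenced ACL should not be relied on to block traffic.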
