Introduction to IPv4 ACL; IPv4 ACL Classification - H3C S5500-EI Series Operation Manual


Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
Software-based application: An ACL is referenced by a piece of upper layer
software. For example, an ACL can be referenced to configure login user control
behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is
referenced by the upper layer software, the actions taken on packets matching
the ACL are those defined by the ACL rules. For details about login user
control, refer to the part about login configuration in this manual.
Note:
When an ACL is assigned to a piece of hardware and referenced by a QoS policy for
traffic classification, the switch does not take action according to the traffic behavior
definition on a packet that does not match the ACL.
When an ACL is referenced by a piece of software to control Telnet, SNMP, and
Web login users, the switch denies all packets that do not match the ACL.
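
The two default behaviors in the note above, modelled in Python as an added example (not code from the H3C manual). The rule list, the addresses, the function names and the listed-order match order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: a basic IPv4 ACL (matches on source IP only).
# Rules are checked in the order listed here (assumed match order).
ACL_2000 = [
    ("permit", ipaddress.ip_network("192.0.2.0/28")),
    ("deny",   ipaddress.ip_network("192.0.2.128/25")),
    ("permit", ipaddress.ip_network("198.51.100.10/32")),
]

def first_match(acl, src):
    """Return the action of the first rule whose source range contains src, or None."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return None

def login_control(acl, src):
    """ACL referenced by software (Telnet, SNMP, Web login control).

    A matching rule's own action is applied; a packet matching no rule is denied.
    """
    action = first_match(acl, src)
    return action if action is not None else "deny"

def qos_classification(acl, src):
    """ACL assigned to hardware and referenced by a QoS policy for classification.

    A packet matching no rule is left alone: the traffic behavior is not applied.
    Only the match / no-match distinction from the note is modelled here.
    """
    if first_match(acl, src) is None:
        return "traffic behavior not applied"
    return "matched: handled per traffic behavior definition"

def audit(acl, sources):
    """Map each source address to its (login control, QoS) outcome."""
    return {s: (login_control(acl, s), qos_classification(acl, s)) for s in sources}

if __name__ == "__main__":
    samples = ["192.0.2.5", "192.0.2.200", "203.0.113.7"]  # constructed addresses
    for src, outcome in audit(ACL_2000, samples).items():
        print(src, outcome)
```

The third sample address matches no rule: it is refused as a login source, yet the same ACL used as a QoS classifier leaves that traffic untouched.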

1.2 Introduction to IPv4 ACL

This section covers these topics:

IPv4 ACL Classification
IPv4 ACL Naming
IPv4 ACL Match Order
IPv4 ACL Step
Effective Period of an IPv4 ACL
IP Fragments Filtering with IPv4 ACL

1.2.1 IPv4 ACL Classification
IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1-1.

Table 1-1 IPv4 ACL categories

| Category | ACL number | Matching criteria |
|---|---|---|
| Basic IPv4 ACL | 2000 to 2999 | Source IP address |
| Advanced IPv4 ACL | 3000 to 3999 | Source IP address, destination IP address, protocol carried on IP, and other Layer 3 or Layer 4 protocol header information |
| Ethernet frame header ACL | 4000 to 4999 | Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority, and link layer protocol type |

Chapter 1 ACL Overview
