62 ACL OVERVIEW
In order to filter traffic, network devices use sets of rules, called access control lists 
(ACLs), to identify and handle packets.
When configuring ACLs, refer to the following chapters for the information you 
need:
■ “ACL Overview” on page 835
■ “IPv4 ACL Configuration” on page 841
■ “IPv6 ACL Configuration” on page 851
Note: Unless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs 
throughout this document.
Introduction to ACL
Introduction
As networks grow in scale and traffic volume, network security and bandwidth 
allocation become increasingly critical to network management. Packet filtering 
can efficiently prevent unauthorized users from accessing networks, control 
network traffic, and save network resources. Access control lists (ACLs) are 
often used to filter packets according to configured matching rules.
ACLs are sets of rules (that is, sets of permit or deny statements) that decide 
which packets can pass and which should be rejected, based on matching criteria 
such as source MAC address, destination MAC address, source IP address, 
destination IP address, and port number.
Application of ACLs on the Switch
The switch supports two ACL application modes:
■ Hardware-based application: An ACL is assigned to a piece of hardware. For 
example, an ACL can be referenced by QoS for traffic classification. Note that 
when an ACL is referenced to implement QoS, the actions defined in the ACL 
rules, deny or permit, do not take effect; actions to be taken on packets 
matching the ACL depend on the traffic behavior definition in QoS. For details 
about traffic behavior, refer to “Traffic Classification, TP, and LR Configuration” 
on page 861.
■ Software-based application: An ACL is referenced by a piece of upper layer 
software. For example, an ACL can be referenced to configure login user 
control behavior, thus controlling Telnet, SNMP and Web users. Note that when 
an ACL is referenced by the upper layer software, actions to be taken on packets 
matching the ACL depend on those defined by the ACL rules. For details about 
login user control, refer to “Controlling Login Users” on page 75.
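The difference between the two application modes matters when auditing a configuration: a deny rule only denies when the ACL is referenced by software. The following Python model is an added illustration, not switch configuration and not taken from this manual. It assumes rules are checked in listed order with the first match winning, reports unmatched packets as "no-match" because this section does not define a default, and uses a hypothetical behavior label "police"; the ACL and packets are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # source IP prefix
    dst: str = "0.0.0.0/0"       # destination IP prefix
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def first_match(acl, pkt):
    # Assumption: rules are evaluated in listed order, first match wins.
    return next((r for r in acl if r.matches(pkt)), None)

def software_verdict(acl, pkt):
    """Software-based application (e.g. login user control):
    the matching rule's own permit/deny action is applied."""
    rule = first_match(acl, pkt)
    return rule.action if rule else "no-match"

def qos_verdict(acl, pkt, traffic_behavior):
    """Hardware-based application via QoS: a match only classifies the
    packet; the rule's permit/deny is ignored and the QoS traffic
    behavior decides what happens to it."""
    rule = first_match(acl, pkt)
    return traffic_behavior if rule else "no-match"

# Constructed sample ACL: block Telnet from one subnet, permit the rest of the site.
ACL = [
    Rule("deny", src="10.1.1.0/24", dport=23),
    Rule("permit", src="10.1.0.0/16"),
]
# Constructed sample packets.
TELNET_DENIED = {"src": "10.1.1.7", "dst": "192.0.2.1", "dport": 23}
WEB_PERMITTED = {"src": "10.1.2.9", "dst": "192.0.2.1", "dport": 80}
OUTSIDER = {"src": "172.16.0.5", "dst": "192.0.2.1", "dport": 23}

if __name__ == "__main__":
    for name, pkt in [("telnet", TELNET_DENIED), ("web", WEB_PERMITTED), ("outsider", OUTSIDER)]:
        print(name, software_verdict(ACL, pkt), qos_verdict(ACL, pkt, "police"))
```

In the model, the Telnet packet that the software-based application denies is merely classified under QoS, so an ACL written as a filter provides no filtering when it is only referenced by a QoS policy.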