
H3C S3100 8C SI User Manual

Operation Manual – ACL
H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration
1-1
Chapter 1 ACL Configuration
1.1 ACL Overview
As network scale and network traffic grow, security control and bandwidth
assignment play an increasingly important role in network management.
Filtering data packets efficiently prevents unauthorized users from accessing
a network while also controlling network traffic and saving network resources.
Access control lists (ACLs) are often used to filter packets with configured
matching rules.
Upon receiving a packet, the switch compares the packet with the rules of the ACL
applied on the current port to decide whether to permit or discard the packet.
The rules of an ACL can also be referenced by other functions that need traffic
classification, such as QoS.
ACLs classify packets using a series of conditions known as rules. The conditions can
be based on source addresses, destination addresses and port numbers carried in the
packets.
According to their application purposes, ACLs fall into the following four types:
- Basic ACL. Rules are created based on source IP addresses only.
- Advanced ACL. Rules are created based on Layer 3 and Layer 4 information
  such as the source and destination IP addresses, the type of protocol carried by
  IP, protocol-specific features, and so on.
- Layer 2 ACL. Rules are created based on Layer 2 information such as source
  and destination MAC addresses, VLAN priorities, the type of Layer 2 protocol, and
  so on.
- User-defined ACL. An ACL of this type matches packets by comparing strings
  retrieved from the packets with specified strings. It specifies, relative to the
  packet headers, the byte at which the “and” operation with the mask begins.
1.1.1 ACL Matching Order
An ACL can contain multiple rules, each of which matches a specific type of packet,
so the order in which the rules of an ACL are matched needs to be determined.
The rules in an ACL can be matched in one of the following two ways:
- config: rules in an ACL are matched in the order defined by the user.
- auto: rules in an ACL are matched in the order determined by the system,
  namely the “depth-first” rule.
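Why the config order matters, shown as an added example (not taken from the H3C manual): a small Python model of a basic ACL, which matches on source IP only, evaluated in user-defined order, with a check for rules that an earlier rule hides. The prefix notation, the function names and the sample rules are constructed for illustration, and the model assumes matching stops at the first rule that matches.

```python
import ipaddress

# Constructed sample: a basic ACL (source IP only) in "config" match order,
# i.e. rules are tried in the order the user entered them.
SAMPLE_ACL = [
    ("permit", "10.1.1.0/24"),
    ("deny",   "10.1.1.5/32"),   # intended exception, entered too late
    ("deny",   "10.2.0.0/16"),
]

def parse(acl):
    """Turn (action, source) pairs into (action, ip_network) pairs."""
    return [(action, ipaddress.ip_network(src)) for action, src in acl]

def evaluate(acl, source_ip):
    """Return (rule_index, action) of the first matching rule, else None.

    Assumption: matching stops at the first rule that matches.
    """
    addr = ipaddress.ip_address(source_ip)
    for index, (action, net) in enumerate(parse(acl)):
        if addr in net:
            return index, action
    return None

def shadowed_rules(acl):
    """List (later, earlier) index pairs where one earlier rule covers every
    address of a later rule, so the later rule can never be reached.
    Cover by a union of several earlier rules is not detected."""
    rules = parse(acl)
    found = []
    for later, (_, later_net) in enumerate(rules):
        for earlier in range(later):
            if later_net.subnet_of(rules[earlier][1]):
                found.append((later, earlier))
                break
    return found

def conflicting_shadows(acl):
    """Shadowed rules whose action differs from the rule hiding them."""
    return [(l, e) for l, e in shadowed_rules(acl) if acl[l][0] != acl[e][0]]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "10.1.1.5"), conflicting_shadows(SAMPLE_ACL))
    fixed = [SAMPLE_ACL[1], SAMPLE_ACL[0], SAMPLE_ACL[2]]  # exception first
    print(evaluate(fixed, "10.1.1.5"), conflicting_shadows(fixed))
```

Running the check before applying an ACL flags a deny entered after a broader permit, which is the usual way an intended block silently fails under user-defined ordering.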
For the depth-first rule, there are two cases:
