H3C S3600 Series User Manual

Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 ACL Configuration
1.1 ACL Overview
An access control list (ACL) is mainly used for traffic classification. To filter data packets,
a network device needs to be configured with a series of ACLs to identify the packets to
be filtered. A network device can permit/deny specific packets in a predefined way only
after the traffic is classified.
ACLs classify packets using a series of conditions known as rules. The conditions can
be based on source addresses, destination addresses and port numbers carried in the
packets.
The rules of an ACL can be referenced by other functions that need traffic classification,
such as QoS.
According to their application purposes, ACLs fall into the following four types.
- Basic ACL. Rules are created based on Layer 3 source IP addresses only.
- Advanced ACL. Rules are created based on the Layer 3 and Layer 4 information
such as the source and destination IP addresses, the type of the protocols carried
by IP, protocol-specific features, and so on.
- Layer 2 ACL. Rules are created based on the Layer 2 information such as source
and destination MAC addresses, VLAN priorities, Layer 2 protocols, and so on.
- User-defined ACL. An ACL of this type matches packets by comparing specific
strings retrieved from the packets with specified strings.
1.1.1 Ways to Apply ACL on a Switch
I. Applied to the hardware directly
In the switch, an ACL can be directly applied to the hardware for packet filtering and
traffic classification. In this case, the rules in an ACL are matched in the order
determined by the hardware instead of that defined in the ACL.
ACLs are directly applied to hardware when they are used for:
- Implementing QoS
- Filtering the packets to be forwarded
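An added example, not taken from the H3C manual: because a hardware-applied ACL is not matched in its configured order, overlapping rules with different actions can give a result other than the one the configuration suggests. This Python sketch finds such rule pairs; the rule list, its tuple format and the alternative order are constructed for illustration and do not represent the switch's actual hardware ordering.

```python
import ipaddress
from itertools import combinations

# Constructed sample rules (not from the manual): (rule id, action, source network)
RULES = [
    (0, "deny", "10.1.1.0/24"),
    (1, "permit", "10.1.0.0/16"),
    (2, "deny", "192.168.5.0/24"),
    (3, "deny", "192.168.5.128/25"),
]


def first_match(rules, src_ip, order):
    """Return the action of the first rule, taken in `order`, that matches src_ip."""
    by_id = {rid: (action, ipaddress.ip_network(net)) for rid, action, net in rules}
    addr = ipaddress.ip_address(src_ip)
    for rid in order:
        action, net = by_id[rid]
        if addr in net:
            return action
    return None  # no rule matched; the default action is outside this sketch


def order_dependent_pairs(rules):
    """Return rule-id pairs whose sources overlap but whose actions differ.

    For these pairs the result for some packets depends on which rule is
    matched first, so they deserve review before the ACL is applied to hardware.
    """
    pairs = []
    for (id_a, act_a, net_a), (id_b, act_b, net_b) in combinations(rules, 2):
        overlap = ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))
        if act_a != act_b and overlap:
            pairs.append((id_a, id_b))
    return pairs


if __name__ == "__main__":
    config_order = [0, 1, 2, 3]
    other_order = [3, 2, 1, 0]  # hypothetical alternative order, illustration only
    for ip in ("10.1.1.7", "10.1.2.7", "192.168.5.200"):
        print(ip, first_match(RULES, ip, config_order),
              first_match(RULES, ip, other_order))
    print("order-dependent pairs:", order_dependent_pairs(RULES))
```

Rules 2 and 3 overlap but share one action, so they are not reported; only the deny/permit pair (0, 1) changes outcome with match order.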
II. Referenced by upper-level modules
An ACL can also be used to filter and classify the packets to be processed by software. In
this case, the rules in an ACL can be matched in one of the following two ways:
- config, where rules in an ACL are matched in the order defined by the user.
