
Huawei Quidway S3500 Series User Manual

Huawei Quidway S3500 Series
671 pages
Operation Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration
Huawei Technologies Proprietary
1-1
Chapter 1 ACL Configuration
1.1 Brief Introduction to ACL
1.1.1 ACL Overview
Network devices need a series of matching rules to identify the packets to be filtered. Once it has identified the packets, the switch permits or denies them according to the defined policy. The Access Control List (ACL) implements these functions.
An ACL classifies data packets with a series of matching rules on fields such as source address, destination address and port number. The switch checks each data packet against the rules in the ACL and decides whether to forward or discard it.
The packet matching rules defined by an ACL can also be used in other cases that require traffic classification, such as defining traffic classification for QoS.
An access control rule includes several statements, and different statements specify different ranges of packets. When a data packet is matched against the access control rule, the issue of match order arises.
I. Case of filtering or classifying data transmitted by the hardware
An ACL can be used to filter or classify the data transmitted by the switch hardware. In this case, the match order of the ACL’s sub-rules is determined by the switch hardware, and the match order defined by the user does not take effect.
Because of the chips installed, the hardware match order of the ACL’s sub-rules differs between switch models. The details are listed in the following table.
Table 1-1 Hardware match order of ACL’s sub-rule

| Switch | Hardware match order of ACL’s sub-rule |
|---|---|
| S3526 Series | An ACL is configured with multiple sub-rules. The deny sub-rules are matched first, then the permit sub-rules. Exact match mode is used for the permit sub-rules: the sub-rule with the more accurate range is matched first. For example, ACL 3000 has rule 0 and rule 1. Rule 0 is defined as “rule 0 permit ip source 1.1.1.1 0.0.255.255 destination 2.2.2.2 0.0.255.255” and rule 1 as “rule 1 permit ip source 1.1.1.1 0.0.0.255 destination 2.2.2.2 0.0.0.255”. Rule 1 is more accurate, so it will be matched first. |
| S3526E | An ACL is configured with multiple sub-rules. The latest sub-rule will be matched first. |
| S3552 Series | An ACL is configured with multiple sub-rules. The first sub-rule will be matched first. |
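The following Python model is an added example, not code from the Huawei manual or from the switch: it applies the three hardware match orders of Table 1-1 to the same ACL so that the sub-rule hit first can be compared per model before one configuration is rolled out to a mixed fleet. Assumptions: the rule list is in configuration order, "latest" means most recently configured, "more accurate" is modelled as fewest wildcard (don't-care) bits, deny sub-rules on the S3526 are tried in configuration order, and `ACL_DEMO` with its addresses is constructed.

```python
import ipaddress
from dataclasses import dataclass

def ip(s):
    return int(ipaddress.IPv4Address(s))

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str      # "permit" or "deny"
    src: str
    src_wild: str    # wildcard mask: 1 bits are "don't care"
    dst: str
    dst_wild: str

    def matches(self, src, dst):
        def hit(addr, base, wild):
            care = ~ip(wild) & 0xFFFFFFFF
            return (ip(addr) & care) == (ip(base) & care)
        return hit(src, self.src, self.src_wild) and hit(dst, self.dst, self.dst_wild)

    def wildcard_bits(self):  # assumption: fewer don't-care bits = "more accurate"
        return bin(ip(self.src_wild) << 32 | ip(self.dst_wild)).count("1")

def hardware_order(model, rules):
    """Order in which each model tries sub-rules; rules is in configuration order."""
    if model == "S3552":    # first sub-rule first
        return list(rules)
    if model == "S3526E":   # latest sub-rule first
        return list(reversed(rules))
    if model == "S3526":    # deny first, then permit by accuracy
        denies = [r for r in rules if r.action == "deny"]
        permits = [r for r in rules if r.action == "permit"]
        return denies + sorted(permits, key=Rule.wildcard_bits)
    raise ValueError(f"unknown model: {model}")

def first_match(model, rules, src, dst):
    """Return (rule_id, action) of the sub-rule hit first, or None if none match."""
    for r in hardware_order(model, rules):
        if r.matches(src, dst):
            return r.rule_id, r.action
    return None

# The manual's ACL 3000 example, then a constructed ACL (deny a /16, permit one /24 in it).
ACL_3000 = [Rule(0, "permit", "1.1.1.1", "0.0.255.255", "2.2.2.2", "0.0.255.255"),
            Rule(1, "permit", "1.1.1.1", "0.0.0.255", "2.2.2.2", "0.0.0.255")]
ACL_DEMO = [Rule(0, "deny", "10.1.0.0", "0.0.255.255", "0.0.0.0", "255.255.255.255"),
            Rule(1, "permit", "10.1.5.0", "0.0.0.255", "0.0.0.0", "255.255.255.255")]
```

Calling `first_match(model, ACL_DEMO, "10.1.5.7", "192.0.2.10")` for each of the three models shows the S3526E order permitting a packet that the S3526 and S3552 orders deny.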

Huawei Quidway S3500 Series Specifications

Brand: Huawei
Model: Quidway S3500 Series
Category: Network Router
Language: English
