A10E/A28E/A28F Configuration Guide
6.1.2 Preparing for configurations
Scenario
An ACL helps a network device recognize the objects to be filtered. The device identifies the
specified objects and then permits or denies the packets according to the configured policy.
ACL includes the following types:
IP ACL: classifies packets according to the source or destination address carried in the
IP header, the port ID used by TCP or UDP, and other packet attributes.
MAC ACL: classifies packets according to attributes such as the source MAC address,
destination MAC address, and Layer 2 protocol type carried in the Layer 2 frame header.
MAP ACL: can define more protocols and more detailed protocol fields than IP ACL and
MAC ACL, and can also match any bytes within the first 64 bytes according to the user's
definition.
ACLs are applied in three ways, depending on the application environment: based on the
whole device, based on an interface, or based on a VLAN.
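The three ACL types described above, modelled in Python as an added example (not code from this guide or from the device software). The function names are hypothetical, the frame is constructed, and counting MAP offsets from the first byte of an untagged Ethernet frame is an assumption.

```python
import ipaddress
import struct

MAP_WINDOW = 64  # per the guide: MAP ACL can match bytes within the first 64 bytes

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed untagged Ethernet/IPv4/TCP SYN frame (checksums left at 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + tcp + payload

def mac_acl_match(frame, src_mac=None, dst_mac=None, ethertype=None):
    """MAC ACL: classify on Layer 2 frame header fields only."""
    got = (frame[6:12].hex(":"), frame[0:6].hex(":"), int.from_bytes(frame[12:14], "big"))
    return all(w is None or w == g for w, g in zip((src_mac, dst_mac, ethertype), got))

def ip_acl_match(frame, src_net=None, dst_net=None, proto=None, dport=None):
    """IP ACL: classify on IP header addresses, protocol and TCP/UDP port."""
    if frame[12:14] != b"\x08\x00":
        return False  # not IPv4, nothing for an IP rule to match
    l4 = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length field
    src, dst = ipaddress.ip_address(frame[26:30]), ipaddress.ip_address(frame[30:34])
    if src_net and src not in ipaddress.ip_network(src_net):
        return False
    if dst_net and dst not in ipaddress.ip_network(dst_net):
        return False
    if proto is not None and frame[23] != proto:
        return False
    return dport is None or int.from_bytes(frame[l4 + 2:l4 + 4], "big") == dport

def map_acl_match(frame, offset, value, mask=None):
    """MAP-style rule: masked byte compare at a user-defined offset."""
    if offset < 0 or offset + len(value) > MAP_WINDOW:
        raise ValueError("pattern reaches past the first 64 bytes")
    mask = mask or b"\xff" * len(value)
    data = frame[offset:offset + len(value)]
    return len(data) == len(value) and all(
        (d & m) == (v & m) for d, v, m in zip(data, value, mask))

# Constructed sample: headers occupy bytes 0-53, so only 10 payload bytes are visible.
FRAME = build_frame("66:77:88:99:aa:bb", "00:11:22:33:44:55",
                    "192.0.2.10", "198.51.100.20", 49152, 80,
                    b"GET /admin HTTP/1.1\r\n")
```

With Ethernet, IPv4 and TCP headers taking 54 bytes, a byte-offset rule sees only the first 10 payload bytes; anything a filter policy depends on beyond byte 63 cannot be expressed this way.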
Prerequisite
N/A
6.1.3 Default configurations of ACL
The default configurations of ACL are as follows.
Function status of device filter
Non-fragmenting packet message type
Filter function effective status
MAC address matching rules
Ethernet frame type matching rules
ARP protocol type matching rules
ARP packet and MAC/IP address matching rules
IP packet address, DSCP, priority, and matching rule between priority and ToS
Matching rule between port ID and protocol tag bit of TCP packets
Port ID matching rules of UDP packets