H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – ACL
Chapter 1 ACL Configuration
Note:
Type A line processing units (LPUs) include LS81FT48A, LS81FM24A, LS81FS24A,
LS81GB8UA, LS81GT8UA, LS81FT48, LS81FM24, LS81FS24, LS81GB8U and
LS81GT8U.
When configuring ACLs, go to these sections for the information you are interested in:
• ACL Overview
• Choosing ACL Mode for Traffic Flows
• Specifying the Match Order of ACL Rules
• Configuring Time Ranges
• Defining Basic ACLs
• Defining Advanced ACLs
• Defining Layer 2 ACLs
• Defining User-Defined ACLs
• Applying ACLs on Ports
• Displaying ACL Configuration
• ACL Configuration Examples
1.1 ACL Overview
An access control list (ACL) is used primarily to identify traffic flows. To filter
data packets, a series of match rules must be configured on the network device to
identify the packets to be filtered. Once the packets are identified, the network
device permits or denies them according to the predefined policy.
ACLs classify packets based on a series of match conditions, which can be the source
addresses, destination addresses and port numbers carried in the packets.
The packet match rules defined by ACLs can be referenced by other functions that
need to differentiate traffic flows, such as the definition of traffic classification rules in
QoS.
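The classification described above, as an added Python model (not code or syntax from this manual): one rule list is consulted by both a packet filter and a QoS classifier, and a source-only rule is compared with a rule that also matches the destination port. The names Packet, Rule, classify, packet_filter and qos_class, the first-match evaluation in configured order, the forwarding of unmatched packets, and the use of prefix lengths are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:                      # hypothetical packet summary, constructed for this example
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:                        # hypothetical rule: action plus match conditions
    action: str                    # "permit" or "deny"
    src: str = "0.0.0.0/0"         # source network (prefix form is a simplification)
    dst: str = "0.0.0.0/0"         # destination network
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def classify(acl: List[Rule], p: Packet) -> Optional[str]:
    """Action of the first matching rule (assumed order: as configured), else None."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return None

def packet_filter(acl: List[Rule], p: Packet) -> bool:
    """Consumer 1: forward unless the ACL denies (assumption: unmatched packets pass)."""
    return classify(acl, p) != "deny"

def qos_class(acl: List[Rule], p: Packet) -> str:
    """Consumer 2: the same match rules select traffic for a QoS class."""
    return "priority" if classify(acl, p) == "permit" else "best-effort"

# Constructed sample traffic: one host opening Telnet and HTTP, plus an unrelated host.
TELNET = Packet("10.1.1.5", "192.168.0.1", 23)
WEB = Packet("10.1.1.5", "192.168.0.1", 80)
OTHER = Packet("172.16.0.9", "192.168.0.1", 80)

# Source-only matching cannot tell the two flows from 10.1.1.5 apart.
ACL_SRC_ONLY = [Rule("deny", src="10.1.1.0/24")]
# Adding a port condition separates them; rule order matters under first-match.
ACL_WITH_PORT = [Rule("deny", src="10.1.1.0/24", dport=23),
                 Rule("permit", src="10.1.1.0/24")]

if __name__ == "__main__":
    for name, acl in (("source-only", ACL_SRC_ONLY), ("with-port", ACL_WITH_PORT)):
        for p in (TELNET, WEB, OTHER):
            print(name, p, classify(acl, p), packet_filter(acl, p), qos_class(acl, p))
```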
According to the application purpose, ACLs fall into the following four types:
• Basic ACL: rules are made based on the Layer 3 source IP addresses only.