3Com Switch 8800 Advanced Software V5 Configuration Guide
56 ACL OVERVIEW
NOTE: Unless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs throughout this document.
ACLs are sets of rules (sets of permit or deny statements) that decide which packets may pass and which must be rejected, based on matching criteria such as source address, destination address, and port number.
They can be applied in firewall and QoS configuration, and wherever traffic identification is needed.
This chapter covers these topics:
■ “Time-Based ACL” on page 801
■ “IPv4 ACL” on page 801
■ “IPv6 ACL” on page 803
Time-Based ACL
Time-based ACLs let you control the period during which a rule takes effect by referencing a time range in the rule.
The referenced time range need not exist when the rule is created. The rule, however, takes effect only after the time range has been defined and has become active.
CAUTION: On the Switch 8800s, the active state of ACL rules must be consistent on the I/O Module and interface cards.
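The time-range semantics just described, as an added Python model (not 3Com's code): a rule that references a time range is only in effect while that range exists and is active, so a rule created against a not-yet-defined range stays dormant. First-match evaluation in configuration order, daily start/end windows, and a "permit" default for unmatched packets are assumptions of this model.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

@dataclass
class TimeRange:
    """Named daily window, e.g. 09:00-18:00 (constructed model, not the switch's)."""
    name: str
    start: time
    end: time

    def is_active(self, now: datetime) -> bool:
        return self.start <= now.time() < self.end

@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    source: str                       # source prefix, CIDR notation (basic-ACL style)
    time_range: Optional[str] = None  # referenced time-range name; may not exist yet

def rule_in_effect(rule: Rule, ranges: Dict[str, TimeRange], now: datetime) -> bool:
    """A rule without a time range is always in effect; one that references a
    range is in effect only if that range is defined AND active right now, so a
    reference to a not-yet-created range leaves the rule dormant."""
    if rule.time_range is None:
        return True
    tr = ranges.get(rule.time_range)
    return tr is not None and tr.is_active(now)

def evaluate(rules: List[Rule], ranges: Dict[str, TimeRange],
             src_ip: str, now: datetime, default: str = "permit") -> str:
    """First in-effect rule whose source prefix matches wins (configuration
    order and the default for unmatched packets are assumptions here)."""
    addr = ip_address(src_ip)
    for rule in rules:
        if rule_in_effect(rule, ranges, now) and addr in ip_network(rule.source, strict=False):
            return rule.action
    return default

# Constructed sample: one defined range; the second rule references a range
# ("maintenance") that has not been created, so it cannot take effect yet.
TIME_RANGES = {"work-hours": TimeRange("work-hours", time(9, 0), time(18, 0))}
RULES = [
    Rule("deny", "10.0.0.0/8", time_range="work-hours"),
    Rule("deny", "0.0.0.0/0", time_range="maintenance"),
]
```

Defining the "maintenance" range afterwards is enough to bring the second rule into effect, which is the behaviour the section describes.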
IPv4 ACL
This section covers these topics:
■ “IPv4 ACL Classification” on page 801
■ “IPv4 ACL Naming” on page 802
■ “IPv4 ACL Match Order” on page 802
■ “IP Fragments Filtering with IPv4 ACL” on page 803
IPv4 ACL Classification
IPv4 ACLs, identified by ACL numbers, fall into the following four categories:
■ Basic IPv4 ACL, based on source IP address. Basic ACLs are numbered 2000
through 2999.
■ Advanced IPv4 ACL, based on source IP address, destination IP address,
protocol carried on IP, and other Layer 3 or Layer 4 protocol header
information. Advanced ACLs are numbered 3000 through 3999.