3Com 5500-EI PWR Installation Instructions

ACL Configuration 
When configuring ACL, go to these sections for information you are interested in: 
ACL Overview 
As networks and the traffic they carry grow, security control and bandwidth 
assignment play an increasingly important role in network management. 
Filtering data packets efficiently prevents unauthorized users from accessing a network 
while also controlling network traffic and saving network resources. Access Control 
Lists (ACLs) are often used to filter packets with configured matching rules.  
Upon receiving a packet, the switch compares the packet with the rules of the ACL applied 
on the current port to permit or discard the packet.  
The rules of an ACL can be referenced by other functions that need traffic classification, 
such as QoS.  
ACLs classify packets using a series of conditions known as rules. The conditions can be 
based on source addresses, destination addresses and port numbers carried in the 
packets.  
According to their application purposes, ACLs fall into the following four types.  
Basic ACL. Rules are created based on source IP addresses only.  
Advanced ACL. Rules are created based on the Layer 3 and Layer 4 information such 
as the source and destination IP addresses, type of the protocols carried by IP, 
protocol-specific features, and so on.  
Layer 2 ACL. Rules are created based on the Layer 2 information such as source and 
destination MAC addresses, VLAN priorities, type of Layer 2 protocol, and so on.  
User-defined ACL. An ACL of this type matches packets by comparing strings 
retrieved from the packets with specified strings. A rule defines, relative to the packet 
headers, the byte at which the “and” operation with the mask begins. 
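The four ACL types described above, modeled in Python as an added example (not code from the 3Com manual or the switch software). The frame bytes are constructed, all function names are hypothetical, and the user-defined matcher assumes the offset is counted from the first byte of an untagged Ethernet II frame.

```python
import ipaddress
import struct

# Constructed sample frame (untagged Ethernet II + IPv4 + TCP SYN), not captured traffic.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"      # dst MAC, src MAC, EtherType = IPv4
    "45000028" "00004000" "4006" "0000"       # IPv4: IHL 5, TTL 64, protocol 6 (TCP)
    "c0a80a05" "0a000001"                     # src 192.168.10.5, dst 10.0.0.1
    "c3500050" "00000000" "00000000"          # TCP: port 50000 -> 80, seq, ack
    "50022000" "00000000"                     # data offset 5, SYN flag, window
)

def ip_fields(frame):
    """Return Layer 3/4 fields of an untagged IPv4 frame, or None if it is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    has_ports = ip[9] in (6, 17) and len(ip) >= ihl + 4   # TCP or UDP only
    ports = struct.unpack("!HH", ip[ihl:ihl + 4]) if has_ports else (None, None)
    return {"src": ipaddress.ip_address(ip[12:16]), "dst": ipaddress.ip_address(ip[16:20]),
            "proto": ip[9], "sport": ports[0], "dport": ports[1]}

def basic_match(frame, src_net):
    """Basic ACL: source IP address only."""
    f = ip_fields(frame)
    return f is not None and f["src"] in ipaddress.ip_network(src_net)

def advanced_match(frame, src_net, dst_net, proto, dport):
    """Advanced ACL: Layer 3 and Layer 4 fields together."""
    f = ip_fields(frame)
    return (f is not None and f["src"] in ipaddress.ip_network(src_net)
            and f["dst"] in ipaddress.ip_network(dst_net)
            and f["proto"] == proto and f["dport"] == dport)

def layer2_match(frame, src_mac, ethertype):
    """Layer 2 ACL: source MAC address and Layer 2 protocol type."""
    return frame[6:12] == bytes.fromhex(src_mac) and frame[12:14] == struct.pack("!H", ethertype)

def user_defined_match(frame, offset, mask, value):
    """User-defined ACL: AND the bytes starting at offset with mask, compare with value."""
    window = frame[offset:offset + len(mask)]
    if len(window) < len(mask):      # frame too short for the rule: no match
        return False
    return bytes(b & m for b, m in zip(window, mask)) == value

if __name__ == "__main__":
    print(basic_match(FRAME, "192.168.10.0/24"), user_defined_match(FRAME, 47, b"\x02", b"\x02"))
```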
ACL Matching Order 
An ACL can contain multiple rules, each of which matches a specific type of packet, so 
the order in which the rules of an ACL are matched needs to be determined.  
The rules in an ACL can be matched in one of the following two ways: