1-3
When applying an ACL in this way, you can specify the order in which the rules in the ACL are matched.
The match order cannot be modified once it is determined, unless you delete all the rules in the ACL and
define the match order.
An ACL can be referenced by upper-layer software:
z Referenced by routing policies
z Used to control Telnet, SNMP and Web login users
z When an ACL is directly applied to hardware for packet filtering, the device will permit packets if the
packets do not match the ACL.
z When an ACL is referenced by upper-layer software to control Telnet, SNMP and Web login users,
the device will deny packets if the packets do not match the ACL.
Types of ACLs Supported by Devices
The devices support the following types of ACLs.
z Basic ACLs
z Advanced ACLs
z Layer 2 ACLs
ACLs defined on the devices can be applied to hardware directly or referenced by upper-layer software
for packet filtering.
ACL Configuration Configuring Time Range
Time ranges can be used to filter packets. You can specify a time range for each rule in an ACL. A time
range-based ACL takes effect only in specified time ranges. Only after a time range is configured and
the system time is within the time range, can an ACL rule take effect.
Two types of time ranges are available:
z Periodic time range, which recurs periodically on the day or days of the week.
z Absolute time range, which takes effect only in a period of time and does not recur.
An absolute time range on a device can be within the range 1970/1/1 00:00 to 2100/12/31 24:00.