ACL configuration

ACL overview

With the growth of network scale and network traffic, network security and bandwidth allocation become more and more critical to network management. Packet filtering can be used to efficiently prevent illegal access to networks and to control network traffic and save network resources. One way to implement packet filtering is to use access control lists (ACLs).

An ACL is a set of rules (or a set of permit or deny statements) for determining which packets can pass and which ones should be rejected based on match criteria such as source address, destination address, and port number. ACLs are widely used with technologies such as QoS, where traffic identification is desired.

Introduction to IPv4 ACL

IPv4 ACL classification

IPv4 ACLs, identified by ACL numbers, fall into the following categories, as shown in 1.

1.IPv4 ACL categories

Category

ACL number

Match criteria

Basic IPv4 ACL

2000 to 2999

Source IP address

 

 

 

 

 

Source IP address, destination IP address, protocol

Advanced IPv4 ACL

3000 to 3999

carried over IP, and other Layer 3 or Layer 4 protocol

 

 

header information

 

 

 

 

 

Layer 2 protocol header fields such as source MAC

Ethernet frame header ACL

4000 to 4999

address, destination MAC address, 802.1p

 

 

precedence, and link layer protocol type

 

 

 

IPv4 ACL match order

An ACL may consist of multiple rules, which specify different match criteria. These match criteria may have overlapping or conflicting parts. The match order determines how packets should be matched against the rules. The comparison of a packet against ACL rules stops immediately after a match is found. The packet is then processed as per the rule.

The following types of IPv4 ACL match orders are available:

config—Compares packets against ACL rules in the order that the rules are configured.

auto—Compares packets against ACL rules in the depth-first match order.

The term depth-first match has different meanings for different types of IPv4 ACLs.

410

Page 422
Image 422
HP V1910 manual ACL configuration, ACL overview, Introduction to IPv4 ACL, IPv4 ACL classification, IPv4 ACL match order