ACL configuration
ACL overview
With the growth of network scale and network traffic, network security and bandwidth allocation become more and more critical to network management. Packet filtering can be used to efficiently prevent illegal access to networks and to control network traffic and save network resources. One way to implement packet filtering is to use access control lists (ACLs).
An ACL is a set of rules (or a set of permit or deny statements) for determining which packets can pass and which ones should be rejected based on match criteria such as source address, destination address, and port number. ACLs are widely used with technologies such as QoS, where traffic identification is desired.
Introduction to IPv4 ACL
IPv4 ACL classification
IPv4 ACLs, identified by ACL numbers, fall into the following categories, as shown in 1.
1.IPv4 ACL categories
Category | ACL number | Match criteria |
Basic IPv4 ACL | 2000 to 2999 | Source IP address |
|
|
|
|
| Source IP address, destination IP address, protocol |
Advanced IPv4 ACL | 3000 to 3999 | carried over IP, and other Layer 3 or Layer 4 protocol |
|
| header information |
|
|
|
|
| Layer 2 protocol header fields such as source MAC |
Ethernet frame header ACL | 4000 to 4999 | address, destination MAC address, 802.1p |
|
| precedence, and link layer protocol type |
|
|
|
IPv4 ACL match order
An ACL may consist of multiple rules, which specify different match criteria. These match criteria may have overlapping or conflicting parts. The match order determines how packets should be matched against the rules. The comparison of a packet against ACL rules stops immediately after a match is found. The packet is then processed as per the rule.
The following types of IPv4 ACL match orders are available:
∙
∙
The term
410