Configuring ACLs
The Web interface provides the following ACL configuration functions:
• Configuring an IPv4 ACL
• Configuring a rule for a basic IPv4 ACL
• Configuring a rule for an advanced IPv4 ACL
• Configuring a rule for an Ethernet frame header ACL
Overview
An access control list (ACL) is a set of rules (permit or deny statements) that identify traffic
based on criteria such as source IP address, destination IP address, and port number.
ACLs are essentially used for packet filtering. A packet filter drops packets that match a deny rule
and permits packets that match a permit rule. ACLs are also widely used by many modules (for
example, QoS and IP routing) for traffic identification.
IPv4 ACLs include the following categories, as shown in Table 110.
Table 110 IPv4 ACL categories
Category | ACL number | Match criteria
Basic ACLs | 2000 to 2999 | Source IPv4 address
Advanced ACLs | 3000 to 3999 | Source/destination IPv4 address, protocol number, and other Layer 3 and Layer 4 header fields
Ethernet frame header ACLs | 4000 to 4999 | Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type
For more information about IPv4 ACLs, see HPE FlexNetwork MSR Router Series Comware 5 ACL
and QoS Configuration Guide.
Recommended IPv4 ACL configuration procedure
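Step | Remarks
1. Adding an IPv4 ACL | Required. The category of the added ACL depends on the ACL number that you specify.
2. Configuring a rule for a basic IPv4 ACL | Required. Complete one of these tasks (steps 2 to 4) according to the ACL category.
3. Configuring a rule for an advanced IPv4 ACL | Required. Complete one of these tasks (steps 2 to 4) according to the ACL category.
4. Configuring a rule for an Ethernet frame header ACL | Required. Complete one of these tasks (steps 2 to 4) according to the ACL category.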
Configuration guidelines
When you configure an ACL, follow these guidelines:
• You cannot create a rule, or modify an existing rule, so that it has the same permit/deny
statement as another rule already in the ACL.
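The following added example (not part of the HPE guide, and not Comware syntax) checks a planned rule set before it is entered in the Web interface: it maps the ACL number to its category from Table 110, flags match fields that the category cannot use, and flags a rule that repeats an existing permit/deny statement. The field names, the rule layout, the subset of advanced and Ethernet fields modeled, and the reading of "same statement" as "same action and same match criteria" are assumptions.

```python
# Added example: field names and rule layout are hypothetical, not Comware syntax.
CATEGORIES = [
    # (name, first ACL number, last ACL number, match fields modeled here)
    ("basic", 2000, 2999, {"src_ip"}),
    ("advanced", 3000, 3999,
     {"src_ip", "dst_ip", "protocol", "src_port", "dst_port"}),
    ("ethernet", 4000, 4999,
     {"src_mac", "dst_mac", "dot1p", "link_type"}),
]

def category_for(acl_number):
    """Return (category name, allowed fields) for an IPv4 ACL number."""
    for name, low, high, fields in CATEGORIES:
        if low <= acl_number <= high:
            return name, fields
    raise ValueError(f"{acl_number} is outside the IPv4 ACL ranges 2000-4999")

def lint_acl(acl_number, rules):
    """Return a list of problems found in the planned rules, in rule order."""
    name, allowed = category_for(acl_number)
    problems, seen = [], {}
    for idx, rule in enumerate(rules):
        action = rule.get("action")
        if action not in ("permit", "deny"):
            problems.append(f"rule {idx}: action must be permit or deny")
            continue
        match = {k: v for k, v in rule.items() if k != "action"}
        extra = sorted(set(match) - allowed)
        if extra:
            problems.append(
                f"rule {idx}: {', '.join(extra)} not matchable by a {name} ACL")
        # Assumption: two rules are the same statement when the action and
        # every match criterion are identical.
        key = (action, tuple(sorted(match.items())))
        if key in seen:
            problems.append(f"rule {idx}: same statement as rule {seen[key]}")
        else:
            seen[key] = idx
    return problems

# Constructed sample input (documentation address ranges).
SAMPLE_RULES = [
    {"action": "permit", "src_ip": "192.0.2.0/24"},
    {"action": "deny", "src_ip": "198.51.100.7/32", "dst_port": 23},
    {"action": "permit", "src_ip": "192.0.2.0/24"},
]

if __name__ == "__main__":
    for problem in lint_acl(2000, SAMPLE_RULES):
        print(problem)
```

Running the same sample against ACL number 3000 leaves only the duplicate-statement finding, because an advanced ACL can match on a destination port.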