ACL Configuration

ACL Overview

With the growth of network scale and network traffic, network security and bandwidth allocation become more and more critical to network management. Packet filtering can be used to efficiently prevent illegal access to networks and to control network traffic and save network resources. One way to implement packet filtering is to use access control lists (ACLs).

An ACL is a set of rules (or a set of permit or deny statements) for determining which packets can pass and which ones should be rejected based on matching criteria such as source address, destination address, and port number. ACLs are widely used with technologies such as QoS, where traffic identification is desired.

Introduction to IPv4 ACL

IPv4 ACL Classification

IPv4 ACLs, identified by ACL numbers, fall into three categories, as shown in Table 1-1.

Table 1-1 IPv4 ACL categories

Category                   ACL number     Matching criteria
Basic IPv4 ACL             2000 to 2999   Source IP address
Advanced IPv4 ACL          3000 to 3999   Source IP address, destination IP address, protocol carried over IP, and other Layer 3 or Layer 4 protocol header information
Ethernet frame header ACL  4000 to 4999   Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p precedence, and link layer protocol type

IPv4 ACL Match Order

An ACL may consist of multiple rules, which specify different matching criteria. These criteria may have overlapping or conflicting parts. The match order determines how packets are matched against the rules.

There are two types of IPv4 ACL match orders:

- config: Packets are compared against ACL rules in the order that the rules are configured.
- auto: Packets are compared against ACL rules in the depth-first match order.

The term depth-first match has different meanings for different types of IPv4 ACLs, as shown in Table 1-2.
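The following Python model, an added example that is not part of this manual, shows why the match order matters when two rules overlap: the same packet is permitted under config order and denied under auto order. Since Table 1-2 is not part of this excerpt, the depth-first order for a basic IPv4 ACL is assumed here to mean "the rule with the more specific source address (more zero bits in the wildcard) is checked first, ties broken by the lower rule ID"; the ACL rules and addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass


def acl_category(acl_number):
    """Map an ACL number to its category as given in Table 1-1."""
    if 2000 <= acl_number <= 2999:
        return "basic"
    if 3000 <= acl_number <= 3999:
        return "advanced"
    if 4000 <= acl_number <= 4999:
        return "ethernet-frame-header"
    raise ValueError(f"{acl_number} is not a valid IPv4 ACL number")


@dataclass(frozen=True)
class Rule:
    rule_id: int       # position in configuration order
    action: str        # "permit" or "deny"
    source: str        # "address wildcard", e.g. "10.1.1.0 0.0.0.255"


def _mask(rule):
    """Wildcard bits set to 0 must match, so the mask is the inverted wildcard."""
    wildcard = int(ipaddress.IPv4Address(rule.source.split()[1]))
    return ~wildcard & 0xFFFFFFFF


def matches(rule, src_ip):
    net = int(ipaddress.IPv4Address(rule.source.split()[0]))
    return (int(ipaddress.IPv4Address(src_ip)) & _mask(rule)) == (net & _mask(rule))


def ordered(rules, match_order):
    """Return the rules in the order they are consulted (assumed depth-first rule)."""
    if match_order == "config":
        return sorted(rules, key=lambda r: r.rule_id)
    if match_order == "auto":  # most specific source first, then lowest rule ID
        return sorted(rules, key=lambda r: (-bin(_mask(r)).count("1"), r.rule_id))
    raise ValueError(f"unknown match order {match_order!r}")


def evaluate(rules, src_ip, match_order="config"):
    """Action of the first matching rule, or None when no rule matches."""
    for rule in ordered(rules, match_order):
        if matches(rule, src_ip):
            return rule.action
    return None


# Constructed basic ACL: a broad permit configured before a narrower deny.
RULES = [Rule(0, "permit", "10.1.0.0 0.0.255.255"), Rule(5, "deny", "10.1.1.0 0.0.0.255")]
```

With `RULES`, host 10.1.1.7 is permitted under `config` (rule 0 is hit first) but denied under `auto` (the /24 deny is more specific), which is the overlap case the text warns about.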