62 ACL OVERVIEWIn order to filter traffic, network devices use sets of rules, called access control lists(ACLs), to identify and handle packets.When configuring ACLs, go to these chapters for information you are interestedin:■ “ACL Overview” on page 835■ “IPv4 ACL Configuration” on page 841■ “IPv6 ACL Configuration” on page 851n Unless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs throughoutthis document.Introduction to ACLIntroduction As network scale and network traffic are increasingly growing, network securityand bandwidth allocation become more and more critical to networkmanagement. Packet filtering can be used to efficiently prevent illegal users fromaccessing networks and to control network traffic and save network resources.Access control lists (ACL) are often used to filter packets with configured matchingrules.ACLs are sets of rules (or sets of permit or deny statements) that decide whatpackets can pass and what should be rejected based on matching criteria such assource MAC address, destination MAC address, source IP address, destination IPaddress, and port number.Application of ACLs onthe SwitchThe switch supports two ACL application modes:■ Hardware-based application: An ACL is assigned to a piece of hardware. Forexample, an ACL can be referenced by QoS for traffic classification. Note thatwhen an ACL is referenced to implement QoS, the actions defined in the ACLrules, deny or permit, do not take effect; actions to be taken on packetsmatching the ACL depend on the traffic behavior definition in QoS. For detailsabout traffic behavior, refer to “Traffic Classification, TP, and LR Configuration”on page 861.■ Software-based application: An ACL is referenced by a piece of upper layersoftware. For example, an ACL can be referenced to configure login usercontrol behavior, thus controlling Telnet, SNMP and Web users. Note that whenan ACL is reference by the upper layer software, actions to be taken on packetsmatching the ACL depend on those defined by the ACL rules. For details aboutlogin user control, refer to “Controlling Login Users” on page 75.