1-2ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass andwhat should be rejected based on matching criteria such as source MAC address, destination MACaddress, source IP address, destination IP address, and port number.Application of ACLs on the SwitchThe switch supports two ACL application modes:z Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACLcan be referenced by QoS for traffic classification. Note that when an ACL is referenced toimplement QoS, the actions defined in the ACL rules, deny or permit, do not take effect; actions tobe taken on packets matching the ACL depend on the traffic behavior definition in QoS. For detailsabout traffic behavior, see QoS Configuration Approaches in the ACL and QoS ConfigurationGuide.z Software-based application: An ACL is referenced by a piece of upper layer software. Forexample, an ACL can be referenced to configure login user control behavior, thus controllingTelnet, SNMP and Web users. Note that when an ACL is reference by the upper layer software,actions to be taken on packets matching the ACL depend on those defined by the ACL rules. Fordetails about login user control, see User Login Control in the Fundamentals Configuration Guide.z When an ACL is assigned to a piece of hardware and referenced by a QoS policy for trafficclassification, the switch does not take action according to the traffic behavior definition on apacket that does not match the ACL.z When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users,the switch denies all packets that do not match the ACL.z For details of ACL application for packet filtering, see Applying an ACL for Packet Filtering.ACL ClassificationACLs fall into three categories, as shown in Table 1-1.Table 1-1 ACL categoriesCategory ACL number IP version Match criteriaIPv4 Source IPv4 addressBasic ACLs 2000 to 2999IPv6 Source IPv6 addressAdvanced ACLs 3000 to 3999 IPv4Source/destination IPv4 address, protocols overIPv4, and other Layer 3 and Layer 4 headerfields