1-11 ACL OverviewIn order to filter traffic, network devices use sets of rules, called access control lists (ACLs), to identifyand handle packets.When configuring ACLs, go to these chapters for information you are interested in:z ACL Overviewz IPv4 ACL Configurationz IPv6 ACL Configurationz ACL Application for Packet FilteringUnless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs throughout this document.Introduction to ACLIntroductionAs network scale and network traffic are increasingly growing, network security and bandwidthallocation become more and more critical to network management. Packet filtering can be used toefficiently prevent illegal users from accessing networks and to control network traffic and save networkresources. Access control lists (ACL) are often used to filter packets with configured matching rules.ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass andwhat should be rejected based on matching criteria such as source MAC address, destination MACaddress, source IP address, destination IP address, and port number.Application of ACLs on the SwitchThe switch supports two ACL application modes:z Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL canbe referenced by QoS for traffic classification. Note that when an ACL is referenced to implementQoS, the actions defined in the ACL rules, deny or permit, do not take effect; actions to be taken onpackets matching the ACL depend on the traffic behavior definition in QoS. For details about trafficbehavior, refer to the QoS part in this manual.z Software-based application: An ACL is referenced by a piece of upper layer software. For example,an ACL can be referenced to configure login user control behavior, thus controlling Telnet, SNMPand Web users. Note that when an ACL is reference by the upper layer software, actions to betaken on packets matching the ACL depend on those defined by the ACL rules. For details aboutlogin user control, refer to the part about login configuration in this manual.