• Software-based application: An ACL is referenced by a piece of upper layer software. For example, an ACL can be referenced to configure login user control behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is referenced by the upper layer software, the actions to be taken on packets matching the ACL depend on those defined by the ACL rules. For details about login user control, refer to the Login Configuration.
• When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not take action according to the traffic behavior definition on a packet that does not match the ACL.
• When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users, the switch denies all packets that do not match the ACL.
• For details of ACL application for packet filtering, refer to Applying an ACL for Packet Filtering.

ACL Classification

ACLs fall into three categories, as shown in Table 1-1.

Table 1-1 ACL categories

| Category | ACL number | Match criteria |
| Basic ACLs | 2000 to 2999 | Source IPv4 address |
| Advanced ACLs | 3000 to 3999 | Source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields |
| Ethernet frame header ACLs | 4000 to 4999 | Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type |

ACL Numbering and Naming

Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number for identification, and you can also assign the ACL a name for ease of identification. After creating an ACL with a name, you can neither rename it nor delete its name. The ACL number and name must be globally unique.

Match Order

The rules in an ACL are sorted in a certain order. When a packet matches a rule, the device stops the match process and performs the action defined in the rule.
If an ACL contains overlapping or conflicting rules, the matching result and action to take depend on the rule order.

Two ACL match orders are available:

• config: Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before a rule with a higher ID. If you use this approach, check the rules and their order carefully.
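
The following Python sketch is an added example, not taken from the original guide or the switch software: it models the config match order (ascending rule ID, first match wins) for a basic ACL and flags rules that a lower-ID rule makes unreachable, which is the kind of order check the config approach calls for. The rule set, the CIDR notation for source addresses, and all function names are constructed for illustration.

```python
import ipaddress

# Constructed basic ACL (number range 2000 to 2999: source IPv4 address only).
# Each tuple is (rule ID, action, source prefix); every value is made up.
ACL_2000 = [
    (0, "permit", "10.1.0.0/16"),
    (5, "deny", "10.1.1.0/24"),        # never reached: rule 0 covers it
    (10, "deny", "192.168.0.0/16"),
    (15, "permit", "192.168.5.0/24"),  # never reached: rule 10 covers it
]

def config_order(rules):
    """config match order: rules sorted by ascending rule ID."""
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, src, software_referenced=True):
    """Return (rule ID, action) of the first rule matching source address src.

    On no match: 'deny' when the ACL is referenced by software for login
    control; None (no traffic behavior applied) for QoS classification.
    """
    addr = ipaddress.ip_address(src)
    for rule_id, action, prefix in config_order(rules):
        if addr in ipaddress.ip_network(prefix):
            return rule_id, action  # matching stops at the first hit
    return (None, "deny") if software_referenced else (None, None)

def shadowed(rules):
    """List (rule ID, shadowing rule ID, actions_conflict) for every rule
    whose source range lies entirely inside an earlier rule's range."""
    ordered = config_order(rules)
    findings = []
    for i, (rule_id, action, prefix) in enumerate(ordered):
        net = ipaddress.ip_network(prefix)
        for earlier_id, earlier_action, earlier_prefix in ordered[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier_prefix)):
                findings.append((rule_id, earlier_id, action != earlier_action))
                break
    return findings

if __name__ == "__main__":
    for rule_id, by, conflict in shadowed(ACL_2000):
        kind = "conflicting" if conflict else "redundant"
        print(f"rule {rule_id} is shadowed by rule {by} ({kind} action)")
    print(evaluate(ACL_2000, "10.1.1.7"))
```

Giving the more specific rule the lower ID removes the finding and changes the result for addresses in the overlapping range.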