Operation Manual – ACL
H3C S5600 Series Ethernet Switches

Chapter 1 ACL Configuration

When configuring ACL, go to these sections for information you are interested in:

- ACL Overview
- ACL Configuration Task List
- Displaying and Maintaining ACL Configuration
- Examples for Upper-layer Software Referencing ACLs
- Examples for Applying ACLs to Hardware

Note:

- The feature of applying ACL rules to a VLAN is newly added; it is described in Applying ACLs to a VLAN.
- The feature of configuring VLAN information for Layer 2 ACLs is newly added; it is described in Configuring Layer 2 ACL.

1.1 ACL Overview

As network scale and network traffic grow, security control and bandwidth assignment play an increasingly important role in network management. Filtering data packets can efficiently prevent unauthorized users from accessing a network while controlling network traffic and saving network resources. Access Control Lists (ACLs) are often used to filter packets with configured matching rules.

Upon receiving a packet, the switch compares the packet with the rules of the ACL applied on the current port to permit or discard the packet.

The rules of an ACL can be referenced by other functions that need traffic classification, such as QoS.

ACLs classify packets using a series of conditions known as rules. The conditions can be based on source addresses, destination addresses and port numbers carried in the packets.

According to their application purposes, ACLs fall into the following four types.

- Basic ACL. Rules are created based on source IP addresses only.
- Advanced ACL. Rules are created based on the Layer 3 and Layer 4 information such as the source and destination IP addresses, type of the protocols carried by IP, protocol-specific features, and so on.