ACL configuration

This chapter includes these sections:
• ACL overview
• ACL configuration task list
• Configuring an ACL
• Configuring a time range
• Configuring a basic ACL
• Configuring an advanced ACL
• Configuring an Ethernet frame header ACL
• Configuring a start or end remark
• Copying an ACL
• Packet filtering with ACLs
• Displaying and maintaining ACLs
• ACL configuration examples

NOTE:
• Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.
• The Layer 3 Ethernet interface in this document refers to the Ethernet port that can perform IP routing and inter-VLAN routing. You can set an Ethernet port as a Layer 3 Ethernet interface by using the port link-mode route command (see the Layer 2—LAN Switching Configuration Guide).

ACL overview

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number.

ACLs are primarily used for packet filtering. A packet filter drops packets that match a deny rule and permits packets that match a permit rule. ACLs are also used by many modules, for example, QoS and IP routing, for traffic classification and identification.

ACL applications on the switch

An ACL is implemented in hardware or software, depending on the module that uses it. If the module, the packet filter or QoS module for example, is implemented in hardware, the ACL is applied to hardware to process traffic. If the module, the routing or user interface access control module (Telnet, SNMP, or web) for example, is implemented in software, the ACL is applied to software to process traffic.

The user interface access control module denies packets that do not match any ACL. Some modules, QoS for example, ignore the permit or deny action in ACL rules and do not base their drop or forwarding decisions on the action set in ACL rules. See the specific module for information about ACL application.
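The following Python model is an added example, not code from this guide or from the switch software. It shows how one ACL yields different outcomes depending on the module that consumes it, as described above. The Rule fields, the function names, the sample addresses, and the first-match evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    source: str                      # source prefix in CIDR form
    dst_port: Optional[int] = None   # None matches any destination port


def first_match(acl, src, dst_port):
    """Return the first rule the packet matches, or None.
    Assumption: rules are evaluated in the order listed."""
    for rule in acl:
        in_prefix = ip_address(src) in ip_network(rule.source)
        if in_prefix and rule.dst_port in (None, dst_port):
            return rule
    return None


def packet_filter(acl, src, dst_port):
    """Packet filter: a deny match drops, a permit match forwards."""
    rule = first_match(acl, src, dst_port)
    if rule is None:
        return "no-match"  # behaviour not stated in this section
    return "forward" if rule.action == "permit" else "drop"


def ui_access_control(acl, src, dst_port):
    """Telnet/SNMP/web access control: anything not matched is denied."""
    rule = first_match(acl, src, dst_port)
    return "allow" if rule and rule.action == "permit" else "deny"


def qos_classifier(acl, src, dst_port):
    """QoS-style consumer: the action is ignored, only the match counts."""
    return first_match(acl, src, dst_port) is not None


# Constructed sample ACL (documentation address ranges).
ACL = [Rule("deny", "192.0.2.0/25", 23), Rule("permit", "192.0.2.0/24")]


def verdicts(src, dst_port):
    """Outcome of the same packet under each consumer of the ACL."""
    return (packet_filter(ACL, src, dst_port),
            ui_access_control(ACL, src, dst_port),
            qos_classifier(ACL, src, dst_port))
```

Note that a packet hitting the deny rule is still classified by the QoS-style consumer, so a deny rule in an ACL that is reused for classification does not block anything by itself.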