Operation Manual – ACL
H3C S7500E Series Ethernet Switches
Chapter 1 ACL Overview

- Software-based application: An ACL is referenced by a piece of upper layer software. For example, an ACL can be referenced to configure login user control behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is referenced by the upper layer software, actions to be taken on packets matching the ACL depend on those defined by the ACL rules. For details about login user control, refer to the part about login configuration in this manual.

Note:
- When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not take action according to the traffic behavior definition on a packet that does not match the ACL.
- When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users, the switch denies all packets that do not match the ACL.

1.2 Introduction to IPv4 ACL

This section covers these topics:
- IPv4 ACL Classification
- IPv4 ACL Naming
- IPv4 ACL Match Order
- IPv4 ACL Step
- Effective Period of an IPv4 ACL
- IP Fragments Filtering with IPv4 ACL

1.2.1 IPv4 ACL Classification

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1-1.

Table 1-1 IPv4 ACL categories

| Category | ACL number | Matching criteria |
|---|---|---|
| Basic IPv4 ACL | 2000 to 2999 | Source IP address |
| Advanced IPv4 ACL | 3000 to 3999 | Source IP address, destination IP address, protocol carried on IP, and other Layer 3 or Layer 4 protocol header information |
| Ethernet frame header ACL | 4000 to 4999 | Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority, and link layer protocol type |
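
The following Python model is an added example, not code from the manual or from H3C. It shows how the same basic ACL gives different results for unmatched packets in the two cases described in the Note: login control denies them, while QoS traffic classification leaves them untouched. The `Rule` class, the function names, the sample ACL 2001 and its addresses are constructed for illustration; checking rules in listed order and treating any rule hit as a QoS match are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# ACL number ranges from Table 1-1 (only the rows shown on this page).
CATEGORIES = [
    (2000, 2999, "basic"),
    (3000, 3999, "advanced"),
    (4000, 4999, "ethernet-frame-header"),
]

def acl_category(number):
    """Map an ACL number to its category according to Table 1-1."""
    for low, high, name in CATEGORIES:
        if low <= number <= high:
            return name
    raise ValueError(f"ACL number {number} is outside the ranges in Table 1-1")

@dataclass
class Rule:
    action: str  # "permit" or "deny"
    source: str  # source prefix; a basic ACL matches on source IP only

def first_match(rules, src_ip):
    """Return the first rule whose prefix contains src_ip, else None.
    Assumption: rules are checked in the order listed."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.source):
            return rule
    return None

def login_control(rules, src_ip):
    """Software-based use (Telnet, SNMP, Web login): a matching packet gets
    the rule's action; a packet that matches no rule is denied."""
    hit = first_match(rules, src_ip)
    return hit.action if hit else "deny"

def qos_classify(rules, src_ip):
    """Hardware use in a QoS policy: a packet that matches no rule gets no
    traffic behavior. Assumption: any rule hit counts as a match."""
    return "apply-behavior" if first_match(rules, src_ip) else "no-action"

# Constructed sample: hypothetical ACL 2001 for a management subnet.
ACL_2001 = [Rule("permit", "192.0.2.64/27")]
ACL_2001_LOGIN = [Rule("deny", "192.0.2.66/32")] + ACL_2001
```

A source outside 192.0.2.64/27 is rejected by `login_control` even though no deny rule names it, which is why an ACL bound to login control must explicitly permit every management station.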