Table 1 lists ACL configuration tasks. The configuration tasks can be performed in any sequence. You need to select at least one of them.
| Scenario | Description | Task (Perform Steps in Sequence) |
|---|---|---|
| Configure and apply a basic ACL. | A basic ACL defines rules to filter IPv4 packets based on information such as source IP addresses, fragment information, and time ranges. To filter packets based only on source IP addresses, you can configure a basic ACL. | |
| Configure and apply an advanced ACL. | Advanced ACLs give you greater flexibility and functionality than basic ACLs, allowing you to filter packets more accurately. For example, with advanced ACLs, you can define rules to filter IPv4 packets based on a range of criteria, including source IP addresses, destination IP addresses, IP protocol types, TCP source/destination port numbers, UDP source/destination port numbers, fragment information, and time ranges. | |
| Configure and apply a Layer 2 ACL. | A Layer 2 ACL defines rules to filter traffic based on Ethernet frame information, such as source MAC addresses, destination MAC addresses, VLAN IDs, and Layer 2 protocol types. | |
| Configure and apply a user-defined ACL. | A user-defined ACL defines rules based on packet headers, offsets, character string masks, and user-defined character strings. With such a user-defined ACL configured, the system performs an AND operation on the packet bytes from a certain position after the packet header and the character string mask, compares the extracted character string against the user-defined character string, and then filters IPv4 and IPv6 packets. User-defined ACLs are more accurate and flexible than basic ACLs, advanced ACLs, and Layer 2 ACLs, and provide more functions. For example, a user-defined ACL can be configured to filter ARP packets based on source IP addresses and ARP packet types. | |
| Configure and apply a user ACL. | A user ACL defines rules to filter IPv4 packets based on the source IP addresses or source User Control List (UCL) groups, destination IP addresses or destination UCL groups, IP protocol types, ICMP types, TCP source/destination port numbers, UDP source/destination port numbers, and time ranges. To filter packets based on UCL groups, configure a user ACL. | |
| Configure and apply a basic ACL6. | A basic ACL6 defines rules to filter IPv6 packets based on information such as source IPv6 addresses, fragment information, and time ranges. To filter packets based only on source IPv6 addresses, you can configure a basic ACL6. | |
| Configure and apply an advanced ACL6. | An advanced ACL6 defines rules to filter IPv6 packets based on source IPv6 addresses, destination IPv6 addresses, IPv6 protocol types, TCP source/destination port numbers, UDP source/destination port numbers, fragment information, and time ranges. Compared with a basic ACL6, an advanced ACL6 is more accurate and flexible, and provides more functions. For example, to filter packets based on source and destination IPv6 addresses, configure an advanced ACL6. | |
| Configure and apply a user ACL6. | A user ACL6 defines rules to filter IPv6 packets based on the source IPv6 addresses or source User Control List (UCL) groups, destination IPv6 addresses, IPv6 protocol types, ICMPv6 types, TCP source/destination port numbers, UDP source/destination port numbers, and time ranges. To filter packets based on UCL groups, configure a user ACL6. | |
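
The masked comparison described for user-defined ACLs, applied to the ARP case the table mentions, as an added Python example that is not from the original page or the vendor's software. The offset convention (byte index from the start of an untagged Ethernet frame), the rule layout, the first-match evaluation order, and the sample MAC and 10.0.0.0/24 addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

def build_arp_frame(oper, sender_mac, sender_ip, target_ip):
    """Constructed sample: untagged Ethernet II frame carrying an ARP packet."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sender_mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def condition(offset, mask_hex, value_hex):
    """One (offset, mask, value) condition; offset is an assumed byte index from frame start."""
    mask, value = bytes.fromhex(mask_hex), bytes.fromhex(value_hex)
    if len(mask) != len(value):
        raise ValueError("mask and value must have the same length")
    if any(v & ~m & 0xFF for m, v in zip(mask, value)):
        raise ValueError("value has bits outside the mask, so it could never match")
    return offset, mask, value

def condition_matches(frame, cond):
    offset, mask, value = cond
    window = frame[offset:offset + len(mask)]
    if len(window) < len(mask):
        return False  # frame too short to contain the field
    # AND the packet bytes with the mask, then compare with the configured string.
    return bytes(b & m for b, m in zip(window, mask)) == value

def evaluate(frame, rules):
    """Return the action of the first rule whose conditions all match, else None."""
    for action, conds in rules:
        if all(condition_matches(frame, c) for c in conds):
            return action
    return None  # no rule matched; the outcome is left to the caller

# Hypothetical rule: deny ARP replies whose sender IP is in 10.0.0.0/24.
RULES = [("deny", [
    condition(12, "ffff", "0806"),          # EtherType = ARP
    condition(20, "ffff", "0002"),          # ARP opcode = reply
    condition(28, "ffffff00", "0a000000"),  # sender IP, first 24 bits
])]

MAC = bytes.fromhex("020000000001")  # constructed, locally administered MAC
REPLY_IN = build_arp_frame(2, MAC, "10.0.0.5", "10.0.0.1")
REQUEST_IN = build_arp_frame(1, MAC, "10.0.0.5", "10.0.0.1")
REPLY_OUT = build_arp_frame(2, MAC, "10.0.1.5", "10.0.0.1")

if __name__ == "__main__":
    for name, frame in [("reply in range", REPLY_IN), ("request", REQUEST_IN), ("reply out of range", REPLY_OUT)]:
        print(name, "->", evaluate(frame, RULES))
```

A frame carrying a VLAN tag shifts every field by four bytes, so fixed offsets like these only hold for the frame layout they were written against.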