ACL is short for access control list.
An ACL is an ordered set of rules (permit or deny statements) that identify traffic by criteria such as source IP address, destination IP address, and port number. Matching is normally done on packet header fields.
An identifier that uniquely distinguishes one ACL from another. It is either a name or a number, depending on whether the ACL is name based or number based.
A collection of ACL rules and the time range for each rule.
Source IP address and wildcard mask. A 0 bit in the wildcard requires the corresponding address bit to match exactly; a 1 bit means that bit is ignored. For example, 10.1.2.0 with wildcard 0.0.0.255 matches any source address in 10.1.2.0/24.
Destination IP address and wildcard mask, with the same bit semantics as the source wildcard.
Source port of TCP or UDP packets. This parameter is valid only when TCP or UDP is selected.
Destination port of TCP or UDP packets. This parameter is valid only when TCP or UDP is selected.
Source MAC address and wildcard mask.
Destination MAC address and wildcard mask.
Matches packets based on the source IP address only.
Matches packets based on the Layer 3 and Layer 4 information, such as source and destination IP addresses, protocol number, and protocol features.
Matches packets based on the Layer 2 information, such as source and destination MAC addresses, VLAN priority, and link layer protocol type.
A user-defined rule ANDs a mask with the bytes of the packet header (for example, the IP header) starting at a byte offset you specify, and compares the result with a string you supply. The packet matches only if the masked bytes equal that string.
Defines the period during which the ACL rules take effect. Time ranges can be fixed or cyclic. A fixed time range is a single period that does not recur. A cyclic time range recurs on a day or days of the week. A device evaluates time ranges against its own system clock, so a wrong or unsynchronized clock causes time-based rules to take effect at the wrong time.
Allows you to view ACL definitions, ACL uses, time ranges, and history configurations. You can optimize the rules of an ACL definition, synchronize ACL configuration, and deploy ACLs.
Allows you to add, delete, modify, stop, and start tasks. When adding a task, you can select one or more devices, and deploy ACL definitions, ACL uses, and time ranges to these devices.
Allows you to save frequently used ACL rules as templates. You can add, delete, modify, and copy templates.
A variable is a parameter to be set. You can specify a variable name when defining a template, and set the variable value when adding ACLs in batches. Currently, you can configure variables for source/destination IP addresses, source/destination MAC addresses and source/destination ports.
Updates the data in ACL Management database based on the configuration on devices.
Delivers one or more ACL definitions and ACL uses to specific devices through ACL Management tasks. The tasks can be stopped and started.
A named set of source/destination ports used when adding ACLs in batches. The ports defined by a service can be reused when adding a template for batch configuration, instead of being typed into each rule.
A series of ACLs created in ACL Management.
Associates an ACL definition with a specific service. ACL definitions can be used for packet filter and VLAN packet filter.
Allows you to select one or more devices, and add an ACL definition for them at a time.
Allows you to select one or more devices, and associate an ACL definition with the interfaces on which the access control is required.
Includes Config and Auto. Config indicates that the ACL rules are matched in the order you configure. Support for this match order depends on the device model. For more information, see the user guides for the network devices. Auto indicates depth-first ordering: the rule that specifies the smaller range of addresses (the more specific rule) is matched first. The match order decides which rule wins when a packet matches several rules. Under Config order, a broad permit placed before a narrower deny shadows the deny, so the deny never takes effect.
Includes Interface, Basic, Advanced, Layer 2, and User-Defined. Each type is identified by its ACL number range. The supported number ranges depend on the device model. For more information, see the device configuration guides.
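The following Python program is an added example written for this page; it is not part of the original text or of any vendor's ACL Management software. It evaluates a small basic ACL against a source address using the wildcard-mask semantics given under the source IP address entry, under both the Config and the Auto (depth-first) match orders described above. The rule set, the packet addresses, and all class and function names are constructed for illustration, and the default action for unmatched packets is a parameter because it differs by device and by where the ACL is applied.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One basic-ACL rule: match on source address with a wildcard mask."""
    rule_id: int
    action: str      # "permit" or "deny"
    src: str         # dotted-quad source address
    wildcard: str    # dotted-quad wildcard: 0 bit = must match, 1 bit = ignored


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def care_bits(rule: Rule) -> int:
    """Bitmask of the address bits the rule actually compares (inverse of the wildcard)."""
    return ~_to_int(rule.wildcard) & 0xFFFFFFFF


def rule_matches(rule: Rule, src_ip: str) -> bool:
    """The packet matches when every cared-about bit of its source equals the rule's."""
    care = care_bits(rule)
    return (_to_int(src_ip) & care) == (_to_int(rule.src) & care)


def specificity(rule: Rule) -> int:
    """How many address bits the rule pins down; more bits means a smaller address range."""
    return bin(care_bits(rule)).count("1")


def order_rules(rules, match_order):
    """Config: configured order. Auto (depth-first): more specific rules first, ties keep configured order."""
    if match_order == "config":
        return list(rules)
    if match_order == "auto":
        return sorted(rules, key=specificity, reverse=True)   # sorted() is stable
    raise ValueError(f"unknown match order: {match_order}")


def evaluate(rules, src_ip, match_order="config", default="permit"):
    """Return (action, rule_id) of the first matching rule, or (default, None) if none match."""
    for rule in order_rules(rules, match_order):
        if rule_matches(rule, src_ip):
            return rule.action, rule.rule_id
    return default, None


# Constructed rule set: a broad permit configured before a narrower deny.
EXAMPLE_RULES = [
    Rule(0, "permit", "10.1.0.0", "0.0.255.255"),   # 10.1.0.0/16
    Rule(5, "deny", "10.1.2.0", "0.0.0.255"),       # 10.1.2.0/24, a subset of rule 0
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(EXAMPLE_RULES, "10.1.2.7", order))
    # config -> ('permit', 0): the broad permit shadows the deny
    # auto   -> ('deny', 5): the /24 is more specific, so it is tried first
```

The same two rules give opposite results for 10.1.2.7 depending on the match order, which is why an ACL deployed to a device that only supports Config order must be checked for broad rules that shadow narrower ones.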
Specifies rules based on the interfaces receiving packets.
The rules are based on the source IP address only.
The rules are based on the Layer 3 and Layer 4 information such as source/destination IP addresses, upper-Layer protocol type, and protocol features.
The rules are based on the Layer 2 information such as source/destination MAC addresses, VLAN priority and link layer protocol type.
For a User-Defined ACL, a mask is ANDed with the bytes of the packet header (for example, the IP header) starting at a byte offset you specify. The result is compared with a custom string, and the packet is a match only if the two are equal.
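The following Python program is an added example, not code from this page or from any vendor's product, showing the user-defined match described here and under the ACL definition entry: AND a mask with header bytes at a fixed offset and compare the result with an expected value. It assumes the offset is counted from the start of the IPv4 header, which is one of the header starts the entry mentions; real devices may let you choose a different reference point. The header builder, the two sample rules (match the GRE protocol number, match the DF flag bit), and all names are constructed for illustration.

```python
import struct
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class UserDefinedRule:
    """Match header bytes at a fixed offset after ANDing them with a mask."""
    rule_id: int
    action: str     # "permit" or "deny"
    offset: int     # byte offset into the header where the compared field starts
    mask: bytes     # AND mask applied to header[offset : offset + len(mask)]
    value: bytes    # expected result of the AND; same length as mask


def user_defined_match(rule: UserDefinedRule, header: bytes) -> bool:
    """(header[offset:offset+n] AND mask) == value. A header too short to hold the field never matches."""
    if len(rule.mask) != len(rule.value):
        raise ValueError("mask and value must have the same length")
    end = rule.offset + len(rule.mask)
    if end > len(header):
        return False
    masked = bytes(b & m for b, m in zip(header[rule.offset:end], rule.mask))
    return masked == rule.value


def evaluate_user_defined(rules, header, default="permit"):
    """First matching rule wins; (default, None) if nothing matches."""
    for rule in rules:
        if user_defined_match(rule, header):
            return rule.action, rule.rule_id
    return default, None


def build_ipv4_header(proto: int, src: str, dst: str, df: bool = False, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header without options; the checksum is left zero because it is not matched here."""
    flags_frag = 0x4000 if df else 0        # DF is bit 0x40 of header byte 6
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0x1234, flags_frag, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )


# Constructed rules. In an IPv4 header byte 9 is the protocol number and byte 6
# carries the flags in its top three bits, so a single-byte mask isolates the DF bit.
DENY_GRE = UserDefinedRule(0, "deny", offset=9, mask=b"\xff", value=bytes([47]))    # GRE is protocol 47
MATCH_DF_SET = UserDefinedRule(5, "permit", offset=6, mask=b"\x40", value=b"\x40")  # only the DF bit is compared

if __name__ == "__main__":
    gre = build_ipv4_header(47, "10.0.0.1", "10.0.0.2")
    tcp = build_ipv4_header(6, "10.0.0.1", "10.0.0.2", df=True)
    print(evaluate_user_defined([DENY_GRE, MATCH_DF_SET], gre))   # ('deny', 0)
    print(evaluate_user_defined([DENY_GRE, MATCH_DF_SET], tcp))   # ('permit', 5)
```

Because the comparison is equality after masking, a user-defined rule can express "this field equals X" or "this bit is set", but not "this field is non-zero"; a rule that needs the latter has to be written as several equality rules or handled by another ACL type.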
The action to be performed on match, including permit and deny. permit indicates that the matching packets are allowed. deny indicates that the matching packets are discarded.
Type of ACL use, currently Packet Filter, VLAN Packet Filter, or Global Packet Filter. It specifies where the ACL is applied.
Specifies the direction of ACL filter, including inbound and outbound.
Includes Parallel and Serial. Parallel indicates that the task is performed on all target devices simultaneously and independently; a failure on one device does not affect the others. Serial indicates that the task is performed on the devices one by one in a specified order, and if the configuration of any device fails, the task stops.
Defines how to handle errors occurring during the task deployment. It includes the following options:
Defines the time when the task is executed, including Immediately and Scheduled time.
Includes Waiting, Running, Paused, Stopping, and Finished. You can start, stop, delete, and modify a task. The operations allowed in each task status are shown in the following table (Y means the operation is allowed).
| Status | Start | Stop | Delete | Modify |
|---|---|---|---|---|
| Waiting | Y | Y | Y | |
| Running | | Y | | |
| Paused | Y | Y | | |
| Stopping | | | | |
| Finished | Y | | | |