Network security and network management

Access Control List (ACL)
Network Management

Understand the basic principles and role of ACLs.
Master the basic structure of ACL rules and the order in which they are matched.
An ACL is a packet-matching mechanism on a network device: the device compares each packet against pre-configured matching rules and, when a packet matches a rule, carries out the processing action pre-configured for that rule. The matching rules and their corresponding actions are set according to specific business requirements.
ACLs are always used in conjunction with other technologies such as firewalls, routing policies, QoS, and traffic filtering.
Different network equipment vendors differ in the implementation details of ACL technology.
Basic ACLs are numbered in the range 2000-2999; advanced ACLs are numbered in the range 3000-3999.
When configuring an ACL on a network device, each ACL must be assigned a number. An ACL usually consists of several deny | permit statements; each statement is one rule of the ACL, and deny or permit is the processing action corresponding to that rule.
After a device configured with an ACL receives a packet, it matches the packet against the rules in the ACL one by one. If the packet does not match the current rule, the device tries the next rule. Once the packet matches a rule, the device carries out the processing action defined in that rule on the packet and does not try any subsequent rules. If the packet matches none of the rules in the ACL, the device permits the packet.
A basic ACL defines rules only on the source IP address of the packet, the fragment flag, and a time range.
rule [rule-id] {deny | permit} [source {source-address source-wildcard | any} | fragment | logging | time-range time-name ]
The configuration is as follows: first create the rule, then apply the ACL on the specified interface.
acl 2000
rule deny source 172.16.10.100 0.0.0.0
interface GigabitEthernet 1/0/3
traffic-filter outbound acl 2000
With this configuration, IP packets whose source IP address is 172.16.10.100 cannot leave router R through interface GE1/0/3.
An advanced ACL can define rules on the source IP address, the destination IP address, the value of the protocol field, the precedence (priority) value, the packet length, the TCP source and destination port numbers, the UDP source and destination port numbers, and similar fields of an IP packet.
acl 3000
rule deny ip source 172.16.10.100 0.0.0.0 destination any
interface GigabitEthernet 1/0/3
traffic-filter inbound acl 3000
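To make the matching order concrete, here is an added example (written for this edit, not code from the original post or from any vendor) that models the behaviour described above: rules are walked in order, the first matching rule decides, and a packet that matches no rule is permitted. It models both a basic ACL (2000-2999, source address only) and an advanced ACL (3000-3999, protocol, addresses and ports), using the wildcard-mask convention in which a 0 bit means "must match" and a 1 bit means "don't care". The ACLs 2000 and 3000 from the post are reproduced; ACL 3001 is an assumed extra example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Added example: a simulator of first-match ACL evaluation. It is a model of
# the semantics described in the post, not an implementation of any vendor's code.

def matches_wildcard(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard match: a 0 bit in the wildcard must match, a 1 bit is ignored.
    So 0.0.0.0 is an exact host match and 255.255.255.255 matches any address."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = w ^ 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (n & care)

@dataclass
class Rule:
    action: str                                   # "permit" or "deny"
    source: Optional[Tuple[str, str]] = None      # (address, wildcard); None = any
    destination: Optional[Tuple[str, str]] = None
    protocol: Optional[str] = None                # "ip" matches every protocol
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

class ACL:
    def __init__(self, number: int):
        if not 2000 <= number <= 3999:
            raise ValueError("only basic (2000-2999) and advanced (3000-3999) ACLs are modelled")
        self.number = number
        self.rules = []

    @property
    def is_basic(self) -> bool:
        return self.number < 3000

    def rule(self, action: str, **fields) -> "ACL":
        """Append a rule; basic ACLs may only match on the source address."""
        r = Rule(action, **fields)
        uses_advanced = any(v is not None for v in
                            (r.destination, r.protocol, r.src_port, r.dst_port))
        if self.is_basic and uses_advanced:
            raise ValueError("a basic ACL can only match on the source address")
        self.rules.append(r)
        return self

    def _rule_matches(self, r: Rule, p: Packet) -> bool:
        if r.source and not matches_wildcard(p.src, *r.source):
            return False
        if r.destination and not matches_wildcard(p.dst, *r.destination):
            return False
        if r.protocol not in (None, "ip") and r.protocol != p.protocol:
            return False
        if r.src_port is not None and r.src_port != p.src_port:
            return False
        if r.dst_port is not None and r.dst_port != p.dst_port:
            return False
        return True

    def evaluate(self, p: Packet):
        """Walk rules in order; the first match decides. No match => permit."""
        for index, r in enumerate(self.rules, start=1):
            if self._rule_matches(r, p):
                return r.action, index
        return "permit", None

def build_acl_2000() -> ACL:
    # acl 2000 / rule deny source 172.16.10.100 0.0.0.0   (from the post)
    return ACL(2000).rule("deny", source=("172.16.10.100", "0.0.0.0"))

def build_acl_3000() -> ACL:
    # acl 3000 / rule deny ip source 172.16.10.100 0.0.0.0 destination any   (from the post)
    return ACL(3000).rule("deny", protocol="ip", source=("172.16.10.100", "0.0.0.0"))

def build_acl_3001() -> ACL:
    # Assumed extra example: deny TCP port 23 from 172.16.10.0/24, permit everything else.
    return (ACL(3001)
            .rule("deny", protocol="tcp", source=("172.16.10.0", "0.0.0.255"), dst_port=23)
            .rule("permit"))

if __name__ == "__main__":
    for acl in (build_acl_2000(), build_acl_3000(), build_acl_3001()):
        pkt = Packet("172.16.10.100", "10.0.0.1", "tcp", 40000, 23)
        print(acl.number, acl.evaluate(pkt))
```

The `evaluate` result also reports which rule fired, which is what you want when checking a long ACL: a packet reaching the implicit permit at the end means none of the deny rules covered it.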
Network management refers to understanding, and intervening in, the structure and operational status of the network at all levels in a timely and accurate way.
NMS (Network Management System), for example eSight.
SNMP: Simple Network Management Protocol. SMI: Structure of Management Information. MIB: Management Information Base.
SNMP messages are encapsulated in UDP. Messages sent to the agent use destination port 161; SNMP messages sent from the agent back to the manager use destination port 162.
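As an added example (not from the original post), the port roles above can be turned into a simple check over flow records: UDP flows to port 161 are management requests, flows to port 162 are agent-to-manager messages, and any host other than the known NMS sending requests to port 161 is worth a look. The flow records and the NMS address 10.0.0.5 are constructed for this example.

```python
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# Added example: classify UDP flows by the SNMP ports named in the post and
# report hosts that poll agents without being the known NMS.

SNMP_AGENT_PORT = 161   # manager -> agent (Get/Set requests)
SNMP_TRAP_PORT = 162    # agent -> manager (notifications)

Flow = Tuple[str, int, str, int, str]   # (src_ip, src_port, dst_ip, dst_port, proto)

# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS: List[Flow] = [
    ("10.0.0.5", 50123, "192.168.1.10", 161, "udp"),    # NMS polling a switch
    ("192.168.1.10", 161, "10.0.0.5", 50123, "udp"),    # agent's response
    ("192.168.1.20", 50331, "10.0.0.5", 162, "udp"),    # notification from a router
    ("10.0.0.99", 41000, "192.168.1.10", 161, "udp"),   # unknown host polling the switch
    ("10.0.0.7", 40000, "192.168.1.10", 161, "tcp"),    # TCP, not SNMP as described here
]

def classify_flow(flow: Flow) -> Optional[str]:
    """Return 'request', 'response', 'notification', or None for non-SNMP flows."""
    _src, sport, _dst, dport, proto = flow
    if proto != "udp":
        return None
    if dport == SNMP_AGENT_PORT:
        return "request"
    if dport == SNMP_TRAP_PORT:
        return "notification"
    if sport == SNMP_AGENT_PORT:
        return "response"
    return None

def summarize(flows: Iterable[Flow]) -> Counter:
    """Count flows per SNMP message category (None flows are ignored)."""
    counts = Counter()
    for f in flows:
        kind = classify_flow(f)
        if kind is not None:
            counts[kind] += 1
    return counts

def unexpected_managers(flows: Iterable[Flow], nms_hosts: Iterable[str]) -> List[str]:
    """Source IPs that send SNMP requests (UDP/161) but are not a known NMS."""
    known = set(nms_hosts)
    suspects = {f[0] for f in flows if classify_flow(f) == "request" and f[0] not in known}
    return sorted(suspects)

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
    print(unexpected_managers(SAMPLE_FLOWS, ["10.0.0.5"]))
```

The same split (requests to 161, notifications to 162) is also what you would encode in an ACL or firewall policy that restricts SNMP to the NMS, which ties this back to the traffic-filter configuration earlier in the post.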

Source: blog.51cto.com/90856/2411599