Differences between software and hardware ACLs

62

First, software ACLs are executed at the software level, whereas hardware ACLs are executed at the chip level.
By default, software ACLs have a hidden deny action.
For hardware ACLs, if no rule is specified, forwarding is based on system entries.

Other related questions:
Hardware difference between SSE1LWC and SSEM1LWC
SSEM1LWC is a configuration board and SSE1LWC is a finished board. In general, the two boards can be considered as one type.

What are the differences between port isolation and ACL on a WLAN device
For WLAN devices: The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add these interfaces to different VLANs. However, this approach wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. Port isolation offers secure and flexible networking solutions. An ACL is a packet filter that filters packets based on rules. A device with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. Uncontrolled mutual access between different network segments brings security risks. After an ACL is applied to a QoS traffic policy or simplified traffic policy, the access rights between the users on different network segments are restricted.

Hardware loopback and software loopback
A hardware loopback is performed on a physical port (an optical port) using a fiber. It must be performed onsite, while a software loopback can be configured on the NMS. A loopback will interrupt services, and therefore it is often used for deployment commissioning or service interruption diagnosis.

Hardware differences between LWC boards on LH WDM devices
Question: SSE1LWC and SSEM1LWC are present in technical documents. Do they have any differences? Answer: SSEM1LWC is a configuration board and SSE1LWC is a finished board. The two boards can be considered as the same board in most cases, and even SSEM1LWC is regarded as SSE1LWC in communication. However, you need to differentiate them in spare parts application and rectification, because you need to provide the BOM numbers of multiple configuration modules when applying for a configuration board, but you need to provide only one BOM number when applying for a finished board.

Difference between port isolation and ACLs on S series switches
For S series switches (except S1700 switches): The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add each interface to a different VLAN. This method, however, wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. It provides secure and flexible networking solutions. An ACL is a packet filter that filters packets based on rules. A switch with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. For example, after an ACL is applied to a traffic policy or simplified traffic policy, access rights of the users on different network segments are restricted, preventing security risks caused by uncontrolled mutual access between different network segments.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top