Zte ZXR10 2900E series Configuration Manual page 92
Easy-maintenance secure switch
Hide thumbs
Also See for ZXR10 2900E series:
- Command reference manual (692 pages) ,
- Command reference manual (750 pages)
Table of Contents
Advertisement
ZXR10 2900E Series Configuration Guide
l
ACL rules can be added, deleted, and sorted.
1. Rules can be added to a configured ACL. Regular ID number range is 1-500.
2. Configured ACL can be deleted regularly. If the specified ACL instance number
or rule number is not configured, a false message will return.
3. Many rules of an ACL can be sorted. It is necessary to specify the position where
a rule number should be moved.
l
An ACL can become valid according to the configured time range. After configuring
absolute or relative time range on the switch, the time range can be applied to the rule
of the ACL. This causes the rule to be valid according to the time range specification.
l
The ZXR10 2900E provides the following ten types of ACLs:
1. Basic ACL: Only matches the source IP address.
2. Extended ACL: Matches the source IP address, destination IP address, IP
protocol type, TCP source port number, TCP destination port number, UDP
source port number, UDP destination port number, ICMP type, ICMP Code and
DiffServ Code Point (DSCP).
3. L2 ingress ACL: Matches the source MAC address, destination MAC address,
source VLAN ID and 802.
DSAP/SSAP.
4. Hybrid ingress ACL: Matches source IPv4/IPv6 address, destination IPv4/IPv6
address, IP protocol type, TCP source port number, TCP destination port number,
UDP source port number, UDP destination port number, DiffServ Code Point
(DSCP), source MAC address, destination MAC address, source VLAN ID and
802. 1p priority value.
5. Global ACL: Matches the source IP address, destination IP address, IP protocol
type, TCP source port number, TCP destination port number, UDP source port
number, UDP destination port number, DiffServ Code Point (DSCP), source MAC
address, destination MAC address, source VLAN ID and 802. 1p priority value.
6. Basic egress ACL: Only matches source IP address.
7. Extended egress ACL: Matches the source IP address, destination IP address,
IP protocol type, TCP source port number, TCP destination port number, UDP
source port number, UDP destination port number, ICMP type, ICMP Code and
DiffServ Code Point (DSCP).
8. L2 egress ACL: Matches the destination MAC address, source VLAN ID and 802.
1p priority value, Ethernet network type and DSAP/SSAP.
9. Hybrid egress ACL: Matches the Source IPv4/IPv6 address, destination
IPv4/IPv6 address, IP protocol type, TCP source port number, TCP destination
port number, UDP source port number, UDP destination port number, DiffServ
Code Point (DSCP), source MAC address, destination MAC address, source
VLAN ID and 802. 1p priority value.
10. User-defined ingress ACL: Only matches the bytes defined by users.
l
Each ACL has an access list number to identify, which is a digit. The access list
number ranges of different types of ACL are shown below:
1. Basic ingress ACL: 1–99
2. Extended ingress ACL: 100–199
3. L2 ingress ACL: 200–299
SJ-20130731155059-002|2013-11-27 (R1.0)
1p priority value, Ethernet network type and
5-44
ZTE Proprietary and Confidential
Hide quick links:
Advertisement
Table of Contents
