Huawei quidway s7700 Configuration Manual page 63

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
l
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
inter-vlan-bridge instance instance-id
The VLAN bridge instance is created.
By default, no VLAN bridge instance is created.
Step 3 (Optional) Run:
description description
The description of the VLAN bridge instance is set.
The default description is "inter-vlan-bridge instance-id."
Step 4 Run:
quit
Issue 01 (2011-07-15)
– ARP protocol packets
– Broadcast MAC address: FFFF.FFFF.FFFF
– Multicast address: 0100.5E00.0000-0100.5EFE.FFFF
– IPv6 multicast address: 3333.0000.0000-3333.FFFF.FFFF
– BPDU multicast address: 0100.0CCC.CCCD
– Appletalk network multicast address: 0900.0700.0000-0900.07FF.FFFF
The configuration is as follows:
acl number 4000
rule 5 permit l2-protocol arp
rule 10 permit destination-mac ffff-ffff-ffff
rule 15 permit destination-mac 0100-5e00-0000 ffff-
ff01-0000
rule 20 permit destination-mac 3333-0000-0000
ffff-0000-0000
rule 25 permit destination-mac 0100-0ccc-
cccd
rule 30 permit destination-mac 0900-0700-0000 ffff-ff00-0000
The Layer 2 ACL allows the packets to traverse the transparent firewall.
You can also configure the transparent firewall to permit Layer 3 protocol packets, such as
OSPF, BGP, RIP, and VRRP packets.
The configuration is as follows:
acl number 3000
rule 5 permit
ospf
rule 10 permit tcp destination-port eq
bgp
rule 15 permit udp destination-port eq rip
Permit VRRP protocol packets:
acl number 4000
rule 35 permit source-mac 0000-5e00-0100 ffff-ffff-ff00
acl number 3000
rule 20 permit ip destination 224.0.0.18 0
The ACL allows dynamic routing protocol packets to pass the transparent firewall. To
permit VRRP packets, configure both Layer 2 ACL and advanced ACL.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
52