Creating An Acl - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
No.
4
5

9.3.2 Creating an ACL

You can create an ACL based on the number or name.
Context
An ACL is composed of multiple lists of rules containing permit or deny clauses. Before
creating an ACL rule, you need to create an ACL.
To create an ACL, you need to specify the following parameters:
l
l
Procedure
l
l
Issue 01 (2011-07-15)
Data
Number of ACL rule and the rule that identifies the type of packets, including
protocol, source address, source port, destination address, destination port, the type
and code of Internet Control Message Protocol (ICMP), IP precedence, and Type of
Service (ToS) value
Step of the ACL
When creating an ACL based on the number, you need to specify the ACL number. The
ACL number specifies the type of an ACL. For example, the ACL with the number ranging
from 2000 to 2999 is a basic ACL, and the ACL with the number ranging from 3000 to
3999 is an advanced ACL.
When creating an ACL based on the name, you need to specify the ACL name. You can
specify the number or type for a named ACL. If the number of a named ACL is not specified,
the system automatically allocates a number to the named ACL.
Creating an ACL based on the number
1. Run:
system-view
The system view is displayed.
2. Run:
acl [ number ] acl-number
An ACL with the specified number is created.
– The value of a basic ACL ranges from 2000 to 2999.
– The value of an advanced ACL ranges from 3000 to 3999.
– The value of a Layer 2 ACL ranges from 4000 to 4999.
Creating an ACL based on the name
1. Run:
system-view
The system view is displayed.
2. Run:
acl name acl-name [ advance | basic | link | acl-number ]
An ACL with the specified name is created.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 ACL Configuration
159