Checking The Configuration - Huawei Quidway S3700 Series Configuration Manual
Hide thumbs
Also See for Quidway S3700 Series:
- Configuration manual (398 pages) ,
- Quick start manual (70 pages) ,
- Manual (69 pages)
Table of Contents
Advertisement
Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
You can configure the advanced ACL6 on the S3700 according to the type of the protocol carried
by IP. The parameters vary according to the protocol type.
l When protocol is TCP, run:
l When protocol is UDP, run:
l When protocol is ICMPv6, run:
l When protocol is not TCP, UDP, or ICMPv6, run:
----End
10.4.6 Checking the Configuration
Checking the configuration of the ACL6s.
Prerequisite
The configurations of the ACL6 are complete.
Procedure
l
l
l
----End
Issue 01 (2011-07-15)
rule [ rule-id ] { deny | permit } { tcp | protocol } [ destination { destination-
ipv6-address prefix-length | destination-ipv6-address/prefix-length |
destination-ipv6-address postfix postfix-length | any } | destination-port { eq
| gt | lt | range } port | dscp dscp | fragment | logging | precedence
precedence | source { source-ipv6-address prefix-length | source-ipv6-address/
prefix-length | source-ipv6-address postfix postfix-length | any } | source-
port { eq | gt | lt | range } port | tcp-flag {tcp-value |ack | fin | psh | rst
*
| syn | urg }
| time-range time-name | tos tos ]
rule [ rule-id ] { deny | permit } { udp | protocol } [ destination { destination-
ipv6-address prefix-length | destination-ipv6-address/prefix-length |
destination-ipv6-address postfix postfix-length | any } | destination-port { eq
| gt | lt | range } port | dscp dscp | fragment | logging | precedence
precedence | source { source-ipv6-address prefix-length | source-ipv6-address/
prefix-length | source-ipv6-address postfix postfix-length | any } | source-
port { eq | gt | lt | range } port | time-range time-name | tos tos ]
rule [ rule-id ] { deny | permit } { icmpv6 | protocol } [ destination
{ destination-ipv6-address prefix-length | destination-ipv6-address/prefix-
length | destination-ipv6-address postfix postfix-length | any } | dscp dscp |
fragment | icmp6-type { icmp6-type-name | icmp6-type icmp6-code } | logging |
precedence precedence | source { source-ipv6-address prefix-length | source-ipv6-
address/prefix-length | source-ipv6-address postfix postfix-length | any } |
time-range time-name | tos tos ]
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipv6-
address prefix-length | destination-ipv6-address/prefix-length | destination-
ipv6-address postfix postfix-length | any } | dscp dscp | fragment | logging |
precedence precedence | source { source-ipv6-address prefix-length | source-ipv6-
address/prefix-length | source-ipv6-address postfix postfix-length | any } |
time-range time-name | tos tos ]
Run the display acl ipv6 { acl6-number | all } command to check the ACL6 rule based on
the number.
Run the display acl ipv6 name acl6-name command to check the ACL6 rule based on the
name.
Run the display time-range { all | time-name } command to view information about the
time range.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
*
*
*
10 ACL Configuration
*
236
Advertisement
Table of Contents
