ACL Configuration; ACL Overview - ZTE ZXR10 2900 Series User Manual

ACL Configuration

ACL Overview

An Access Control List (ACL) is a sequential collection of permit
and deny conditions that apply to packets. When a packet is received
on an interface, the switch compares the fields in the packet
against any applied ACLs to verify that the packet has the required
permissions to be forwarded, based on the criteria specified in the
access lists. It tests packets against the conditions in an access
list one by one. The first match determines whether the switch
accepts or rejects the packets, because the switch stops testing
conditions after the first match. The order of conditions in the list
is therefore critical. If no conditions match, the switch rejects the
packets. If there are no restrictions, the switch forwards the packet;
otherwise, the switch drops the packet.
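The first-match behaviour described above, as an added Python model (not ZTE code and not switch CLI syntax): it covers only a basic ACL matching on source IP, and the names Rule, evaluate, shadowed and move, along with the sample addresses, are constructed for illustration. It shows how a broad permit placed first hides a later deny, and how moving the rule changes the verdict.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    rule_id: int   # hypothetical rule number
    action: str    # "permit" or "deny"
    source: str    # source network in CIDR form (basic ACL: source IP only)

def evaluate(acl, src_ip):
    """Return (action, rule_id) of the first matching rule.
    When no rule matches, the packet is rejected: ("deny", None)."""
    addr = ip_address(src_ip)
    for rule in acl:
        if addr in ip_network(rule.source):
            return rule.action, rule.rule_id   # testing stops at first match
    return "deny", None

def shadowed(acl):
    """List (rule_id, covering_rule_id) for rules that can never fire
    because an earlier rule's source network fully contains theirs."""
    hits = []
    for i, rule in enumerate(acl):
        net = ip_network(rule.source)
        for earlier in acl[:i]:
            if net.subnet_of(ip_network(earlier.source)):
                hits.append((rule.rule_id, earlier.rule_id))
                break
    return hits

def move(acl, rule_id, position):
    """Return a new rule list with rule_id moved to the given index."""
    rule = next(r for r in acl if r.rule_id == rule_id)
    rest = [r for r in acl if r.rule_id != rule_id]
    return rest[:position] + [rule] + rest[position:]

# Constructed sample ACL: the broad permit in rule 1 hides the deny in rule 2.
ACL = [
    Rule(1, "permit", "10.0.0.0/8"),
    Rule(2, "deny", "10.1.2.0/24"),
    Rule(3, "permit", "192.168.10.0/24"),
]
FIXED = move(ACL, 2, 0)   # put the narrower deny ahead of the broad permit

if __name__ == "__main__":
    for name, acl in (("original", ACL), ("reordered", FIXED)):
        print(name, evaluate(acl, "10.1.2.7"), "shadowed:", shadowed(acl))
```

Running a shadow check like this over an exported rule list before applying it catches deny rules that would silently never take effect.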
ZXR10 2920/2928/2952/2936-FI supports the following functions:
1. ZXR10 2920/2928/2952/2936-FI provides two binding types:
physical port and Trunk Group. When a physical port that already
has an ACL bound is added to a Trunk Group, the current binding
needs to be released first; otherwise, an error message is
returned. When an ACL is applied to a Trunk Group, its physical
ports are bound to the ACL automatically.
2. ACL rules can be added, deleted and sorted.
i. Rules can be added to a configured ACL. The rule ID number
range is 1-500.
ii. A configured ACL can be deleted by rule. If the specified
ACL instance number or rule number has not been configured,
an error message is returned.
iii. The rules of an ACL can be sorted; it is only necessary to
specify the position to which a rule number is to be moved.
3. An ACL can become valid according to a configured time range.
After an absolute or relative time range is configured on the
switch, the time range can be applied to a rule of an ACL. The
rule is then valid according to the time range specification.
4. ZXR10 2920/2928/2952/2936-FI provides the following five
types of ACLs:
i. Basic ACL: Only match source IP address.
ii. Extended ACL: Match source IP address, destination IP
address, IP protocol type, TCP source port number, TCP
destination port number, UDP source port number, UDP
destination port number, ICMP type, ICMP code and DiffServ
Code Point (DSCP).
iii. L2 ACL: Match source MAC address, destination MAC
address, source VLAN ID and 802.1p priority value.
iv. Match source IPv4/IPv6 address, destination IPv4/IPv6
address, IP protocol type, TCP source port number, TCP
destination port number, UDP source port number, UDP
destination port number, DiffServ Code Point (DSCP),
Confidential and Proprietary Information of ZTE CORPORATION
Chapter 7 Service Configuration