Command
config acl hybrid number
zte(cfg)#
<acl-number>
5. To create a global ACL instance, use the following command.
Command
config acl global
zte(cfg)#
6. To configure a basic ACL rule in basic ACL configuration mode,
use the following command.
Command
rule <rule-id>{permit |
zte(cfg)#
deny}{<source-ipaddr wildcard>|
any}[fragment]
< rule-id >: designate the sub-item of the access control
�
list and the range is 1~500.
source-ipaddr: The source IP or host of sending packet,
�
expressed by 32 bits of IP address (in dotted decimal no-
tation).
source-wildcard: Wildcard, used as the source, expressed
�
by 32 bits of IP address (in dotted decimal notation). The
keyword any is used as the abbreviation for the source
0.0.0.0 and the wildcard 255.255.255.255.
fragment: It is only available in fragment packet.
�
Creating a basic ACL instance means entering the configuration
mode of this instance, that is , basic ACL configuration mode.
7. To configure an extended ACL rule, use the following command.
Command
rule <rule_id>{permit |
zte(cfg)#
deny}{<ip-protocol>| ip | tcp | udp |
icmp | arp}{<source-ipaddr wildcard>|
any}{<destination-ipaddr wildcard>|
any}[dscp <0-63>][fragment]
rule-id: designate the sub-item of the access control list
�
and the range is 1~500.
< ip-protocol >, ip, tcp, udp, icmp , arp: the matching
�
protocol type. It can be one of the above keyword or an
integer representing IP protocol number from 0 to 255.
destination-ipaddr: the matching destination IP address.
�
destination-wildcard: the wildcard shielding code match-
�
ing with destination.
Confidential and Proprietary Information of ZTE CORPORATION
Chapter 7 Service Configuration
Function
This creates a Hybrid
ACL instance.
Function
This creates a global
ACL instance. ACL
number is 400.
Function
This configures a basic
ACL rule in basic ACL
configuration mode.
Function
This configures an
extended ACL rule.
the keyword any is used as the
149