ACL Configuration; ACL Overview - ZTE ZXR10 5900 Series User Manual

All gigabit-port intelligent routing switch

Chapter 7

ACL Configuration

Table of Contents

ACL Overview
Configuring ACL
ACL Configuration Example
ACL Maintenance and Diagnosis

ACL Overview
Packet filtering can help limit network traffic and restrict network
use by certain users or devices. ACLs can filter traffic as it passes
through a router and permit or deny packets at specified interfaces.

An ACL is a sequential collection of permit and deny conditions
that apply to packets. When a packet is received on an interface,
the switch compares the fields in the packet against any applied
ACLs to verify that the packet has the required permissions to be
forwarded, based on the criteria specified in the access lists. It
tests packets against the conditions in an access list one by one.
The first match determines whether the switch accepts or rejects
the packet, because the switch stops testing conditions after the
first match. The order of conditions in the list is therefore critical.
If no conditions match, the switch rejects the packet. If there are no
restrictions, the switch forwards the packet; otherwise, the switch
drops the packet.
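
The first-match behaviour described above, as an added Python example (not code from the manual and not ZXR10 CLI syntax): it evaluates rules in order with the default reject, and flags rules that can never fire because an earlier rule already covers them. The `Rule` fields, function names and sample addresses are assumptions made for illustration, using a subset of the extended-ACL match fields.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source prefix
    dst: str = "0.0.0.0/0"       # destination prefix
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

def evaluate(acl, pkt):
    """Return (action, index of deciding rule); testing stops at the first match."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None          # no condition matched: packet is rejected

def shadowed(acl):
    """Return (rule index, earlier rule index) pairs where the later rule can never fire."""
    pairs = []
    for j, later in enumerate(acl):
        first = next((i for i in range(j) if acl[i].covers(later)), None)
        if first is not None:
            pairs.append((j, first))
    return pairs

# Constructed sample rules and packet (not taken from the manual).
DENY_TELNET = Rule("deny", "10.1.5.0/24", proto="tcp", dport=23)
PERMIT_SITE = Rule("permit", "10.1.0.0/16")
BROAD_FIRST = [PERMIT_SITE, DENY_TELNET]     # the deny is unreachable
SPECIFIC_FIRST = [DENY_TELNET, PERMIT_SITE]  # the deny takes effect
PKT = {"src": "10.1.5.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, acl in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(acl, PKT), "shadowed:", shadowed(acl))
```

Running a check like `shadowed` over an exported rule list before applying it catches a deny that was appended below a broader permit.
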

Packet matching rules defined by the ACL are also used in other
situations where traffic needs to be distinguished. For instance, the
matching rules can define the traffic classification rule in QoS.

ZXR10 5900/5200 provides the following six types of ACLs:
Standard ACL: Matches only the source IP address.
Extended ACL: Matches the following items: source IP address, destination IP address, IP protocol type, TCP source port number, TCP destination port number, UDP source port number, UDP destination port number, ICMP type, ICMP code, DiffServ Code Point (DSCP), ToS and Precedence.
L2 ACL: Matches source MAC address, destination MAC address, source VLAN ID, L2 Ethernet protocol type and 802.1p priority value.
Hybrid ACL: Matches source MAC address, destination MAC address, source VLAN ID, source IP address, destination IP ad-
Confidential and Proprietary Information of ZTE CORPORATION