Configuring Basic Acl Rule; Configuring Extended Acl - Zte ZXR10 5900 Series User Manual

All gigabit-port intelligent routing switch

Hide thumbs Also See for ZXR10 5900 Series:

User manual (133 pages)

Hardware manual (53 pages)

Product description (77 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

page of 208

/ 208
Contents
Table of Contents
Bookmarks

Table of Contents

Step Command

acl standard {number <acl-number

ZXR10(config)#

>|name <acl-name>}

ZXR10(config-std-acl)#

}{<source>[<source-wildcard>]|any}[time-range

<timerange-name>]

ZXR10(config-std-acl)#

before}<rule-no>

Example

Step Command

acl extend {number <acl-number>|n

ZXR10(config)#

ame <acl-name>}

ZXR10(config-ext-acl)#

eny}{<source><source-wildcard>|any}{<dest

><dest-wildcard>|any}[<icmp-type>[icmp-code

<icmp-code>]][{[precedence <pre-value>][tos

<tos-value>]}|dscp <dscp-value>][fragment][time-

range <timerange-name>]

ZXR10(config-ext-acl)#

}{<ip-number>|ip}{<source><source-wildcard>|a

ny}{<dest><dest-wildcard>|any}[{[precedence

<pre-value>][tos <tos-value>]}|dscp <dscp-value

>][fragment][time-range <timerange-name>]

ZXR10(config-ext-acl)#

y}{<source><source-wildcard>|any}[<rule><port

>]{<dest><dest-wildcard>|any}[<rule><port>][est

ablished][{[precedence <pre-value>][tos <tos-val

ue>]}|dscp <dscp-value>][fragment][time-range

<timerange-name>]

1. If a packet matches multiple rules at the same time, the first

matched rule shall apply. Therefore, the sequence of these

rules is critical important. In usual cases, the rule with smaller

range is put ahead and the rule with larger range is put behind.

2. Taking network security into account, an implicit Deny rule is

automatically attached to the end of each ACL to deny all pack-

ets. Therefore, a Permit rule is usually configured at the end

of ACL to permit all packets to pass through.

Configuring Basic ACL Rule

rule <1-100>{permit|deny

move <rule-no>{after |

This example defines a standard ACL. The ACL permits packets

from the network segment 192.168.1.0/24 to pass, but reject

packets with the source IP address of 192.168.1.100.

ZXR10(config)#acl standard number 10

ZXR10(config-std-acl)#rule 1 deny 192.168.1.100 0.0.0.0

ZXR10(config-std-acl)#rule 2 permit 192.168.1.0 0.0.0.255

Configuring Extended ACL

rule <rule-no>{permit|d

rule <rule-no>{permit|deny

rule <rule-no>{permit|den

Confidential and Proprietary Information of ZTE CORPORATION

Chapter 7 ACL Configuration

Function

This enters the standard ACL

configuration mode.

This configures the rules of

ACL.

This moves a rule behind of

another rule.

Function

This enters the extended ACL

configuration.

This configures the rules

based on ICMP.

This configures the rules

based on IP or IP protocol

number (excluded ICMP, TCP,

UDP)

This configures the rules

based on TCP.

Table of Contents

Show Quick Links

Hide quick links:

Chapters

Table of Contents

This manual is also suitable for:

Zxr10 5200 series Zxr10 5924 Zxr10 5928 Zxr10 5928–fi Zxr10 5952 Zxr10 5224 ... Show all

Configuring Basic Acl Rule; Configuring Extended Acl - Zte ZXR10 5900 Series User Manual

Configuring Basic ACL Rule

Configuring Extended ACL

Hide quick links:

Chapters

Related Manuals for Zte ZXR10 5900 Series

Related Content for Zte ZXR10 5900 Series

This manual is also suitable for:

Table of Contents