Configuring Hybrid Acl - Zte ZXR10 5900 Series User Manual

All gigabit-port intelligent routing switch

Hide thumbs Also See for ZXR10 5900 Series:

User manual (133 pages)

Hardware manual (53 pages)

Product description (77 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

page of 208

/ 208
Contents
Table of Contents
Bookmarks

Table of Contents

Step Command

acl hybrid {number <acl-number>|n

ZXR10(config)#

ame <acl-name>}

ZXR10(config-hybd-acl)#

eny}{<ip-number>|ip}{<source><source-wildc

ard>|any}{<dest><dest-wildcard>|any}{[any

|<ether protocol>]}[cos <0-7>][<vlan-id>][ingress

<source-mac><source-mac-wildcard> egress

<dest-mac><dest-mac-wildcard>][time-range

<timerange-name>]

ZXR10(config-hybd-acl)#

rmit|deny}{<source><source-wildcard>|

any}{[<dest-ip><dest-wildcard>| any {ethe

r-protocol}[<vlan-id>][cos<value>][egress

<dst-mac><dst-wildcard>][ingress <sor-mac><s

or-wildcard>][time-range<range-name>]][eq

<port-number>{<dst-mac><dst-wildcard>|

any}<ether-protocol>[<vlan-id>][cos<value

>][egress<dst-mac><dst-wildcard>][ingress

<sor-mac><sor-wildcard>][time-range

<range-name>]]}

ZXR10(config-hybd-acl)#

rmit|deny}{<source><source-wildcard>|

any}{[<dest-ip><dest-wildcard>| any {ethe

r-protocol}[<vlan-id>][cos<value>][egress

<dst-mac><dst-wildcard>][ingress <sor-mac><s

or-wildcard>][time-range<range-name>]][eq

<port-number>{<dst-mac><dst-wildcard>|

any}<ether-protocol>[<vlan-id>][cos<value

>][egress<dst-mac><dst-wildcard>][ingress

<sor-mac><sor-wildcard>][time-range

<range-name>]]}

ZXR10(config-hybd-acl)#

before}<rule-no>

Example

Configuring Hybrid ACL

rule <rule-no>{permit|d

rule <rule-no>{pe

move <rule-no>{after |

This shows an extended ACL to perform the following functions:

1. Permit

UDP

210.168.1.0/24, the destination IP address 210.168.2.10,

destination MAC address 00d0.d0c0.5741, the source port

100 and the destination port 200 to pass.

2. Forbid

the

BGP

192.168.3.0/24 passing.

3. Forbid all packets with the MAC address 0100.2563.1425.

ZXR10(config)#acl hybrid number 300

ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq

100 210.168.2.10 0.0.0.0 eq 200 any Egress

00d0.d0c0.5741 0000.0000.0000

ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255

Eq BGP any any

ZXR10(config-hybd-acl)#rule 3 deny any any any ingress

0100.2563.1425 0000.0000.0000

Confidential and Proprietary Information of ZTE CORPORATION

Function

This enters the hybrid ACL

configuration.

This configures the rules

based on IP or IP protocol

number (excluded ICMP, TCP,

UDP).

This configures the rules

based on TCP.

This configures the rules

based on UDP.

This moves a rule behind

another rule.

packets

from

the

packets

from

Chapter 7 ACL Configuration

network

segment

the

network

segment

Table of Contents

Show Quick Links

Hide quick links:

Chapters

Table of Contents

This manual is also suitable for:

Zxr10 5200 series Zxr10 5924 Zxr10 5928 Zxr10 5928–fi Zxr10 5952 Zxr10 5224 ... Show all

Configuring Hybrid Acl - Zte ZXR10 5900 Series User Manual

Configuring Hybrid ACL

Hide quick links:

Chapters

Related Manuals for Zte ZXR10 5900 Series

Related Content for Zte ZXR10 5900 Series

This manual is also suitable for:

Table of Contents