Table of Contents
Advertisement
ZXR10 2900E Series Configuration Guide
Command
zte(extend-acl-group)#rule <1-500>{permit | deny}<ip-protocol>{<sour
ce-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>| any}[dscp
<0-63>][fragment]
zte(extend-acl-group)#rule <1-500>{permit | deny} icmp
{<source-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>|
any}[icmp-type <0-254><icmp-code>][dscp <0-63>][fragment]
zte(extend-acl-group)#rule <1-500>{permit | deny} ip {<source-ipaddr><sip-
mask>| any}{<destination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment]
zte(extend-acl-group)#rule <1-500>{permit | deny} tcp {<source-ipaddr
><sip-mask>| any}[source-port <0-65535><sport-mask>]{<destination-ipa
ddr><dip-mask>| any}[dest-port <0-65535><dport-mask>][establishing |
established][dscp <0-63>][fragment]
zte(extend-acl-group)#rule <1-500>{permit | deny} udp
{<source-ipaddr><sip-mask>| any}[source-port <0-65535><s
port-mask>]{<destination-ipaddr><dip-mask>| any}[dest-port
<0-65535><dport-mask>][dscp <0-63>][fragment]
zte(extend-acl-group)#rule <1-500>{permit | deny} arp {<sender-ipaddr><s
ip-mask>| any}{<target-ipaddr><tip-mask>| any}
zte(cfg)#clear ingress-acl extend number <100-199>
zte(cfg)#config ingress-acl link number <200-299>
zte(link-acl-group)#rule <1-500>{permit | deny} ip {[cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]}
zte(link-acl-group)#rule <1-500>{permit | deny} arp {[cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]}
zte(link-acl-group)#rule <1-500>{permit | deny} other {[ether-type
<1501-65535>| dsap-ssap <0-65535>][cos <0-7>][<vlan-id>[<vlan-mask
>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| any]}
zte(link-acl-group)#rule <1-500>{permit | deny} any [<vlan-id>[<vlan-mask
>]][cos <0-7>][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>|
any]
zte(cfg)#clear ingress-acl link number <200-299>
zte(cfg)#config ingress-acl hybrid number <300-399>
SJ-20120409144109-002|2012-07-02(R1.0)
Function
Sets the rule that an extended ingress
ACL matches IPv4–specified protocol
field packet.
Sets the rule that an extended ingress
ACL is used to match ICMP packet.
Sets the rule that an extended ingress
ACL is used to match IP packet.
Sets the rule that an extended ingress
ACL is used to match TCP packet.
Sets the rule that an extended ingress
ACL is used to match UDP packet.
Sets the rule that an extended ingress
ACL is used to match ARP packet.
Clears an extended port ACL instance.
Creates and configures a layer-2
ingress ACL instance.
Sets the rule that a layer-2 ingress ACL
is used to match IP packet.
Sets the rule that a layer-2 ingress ACL
is used to match ARP packet.
Sets the rule that a layer-2 ingress ACL
is used to match the packet except
IP/ARP.
Sets the rule that a layer-2 ingress ACL
is used to match packets with specified
cos, VLAN id, smac, and dmac flags.
Clears a layer-2 ingress ACL instance.
Creates and configures a hybrid ingress
ACL instance.
4-44
ZTE Proprietary and Confidential
Hide quick links:
Advertisement
Chapters
Table of Contents
