Rule (Layer 2 Acl) - Zte ZXR10 Command Manual

ZXR10 Command Manual (Security Volume)
Example
Related
Commands
Purpose
Command Modes
Syntax
Syntax
Description
28 Confidential and Proprietary Information of ZTE CORPORATION
bootpc, bootps, domain, NTP, pim-auto-rp, RIP, SNMP, sn-
mptrap and TFTP
� If the time-range field is not configured, this rule will be effec-
tive permanently. The relevant time range command must be
configured before the use of the time-range field.
�
ACL rule event list is only supported in T160G series switches.
This example describes how to configure rules 1~ 5 of the ex-
tended ACL.
ZXR10(config)#acl extended number 100
ZXR10(config-ext-acl)#rule 1 permit 100 any any
ZXR10(config-ext-acl)#rule 2 permit icmp 168.1.1.0 0.0.0.255 any
echo dscp 1
ZXR10(config-ext-acl)#rule 3 deny ip any 168.1.0.0 0.0.255.255
tos 1 precedence 1
ZXR10(config-ext-acl)#rule 4 permit tcp any eq bgp 168.1.1.0
0.0.0.255 eq domain established tos 1 precedence 7
ZXR10(config-ext-acl)#rule 5 deny udp any any dscp 5 time-range test
show acl
time-range
event-list

rule (Layer 2 ACL)

Use this command to define a layer 2 ACL rule. Delete the rule
with no command.
Layer 2 ACL configuration
rule <rule-no>{permit | deny}{<ether-protocol>| any }[cos
<cos-value>][incos <cos-value>][dinvlan <vlan-id>][douterv
lan <vlan-id>][ingress {<source-mac><source-mac-wildcard>|
any}][egress {<dest-mac><dest-mac-wildcard>| any}][{time
-range <timerange-name>| event <event-name>}]
no rule <rule-no>
<rule-no>
permit
deny
<ether-protocol>
cos <cos-value>
incos <cos-value>
dinvlan <vlan-id>
doutervlan
<vlan-id>
ingress
ACL rule number, range: 1~100 or 1000
Permits the packet that matches this rule
Denies the packet that matches this rule
Ethernet type field, IP, ARP or a designated
number (0~65535)
802.1p priority, range: 0~7, outer
802.1p priority, range: 0~7, inside
Inside VLAN identifier
Outside VLAN identifier
Filters according to source MAC address