ZXR10 Command Manual (Security Volume)
Confidential and Proprietary Information of ZTE CORPORATION
bootpc, bootps, domain, NTP, pim-auto-rp, RIP, SNMP, snmptrap and TFTP
• If the time-range field is not configured, the rule is permanently in effect. The relevant time-range command must be configured before the time-range field is used.
• The ACL rule event list is supported only on T160G series switches.
Example
This example describes how to configure rules 1~5 of the extended ACL.
ZXR10(config)#acl extended number 100
ZXR10(config-ext-acl)#rule 1 permit 100 any any
ZXR10(config-ext-acl)#rule 2 permit icmp 168.1.1.0 0.0.0.255 any echo dscp 1
ZXR10(config-ext-acl)#rule 3 deny ip any 168.1.0.0 0.0.255.255 tos 1 precedence 1
ZXR10(config-ext-acl)#rule 4 permit tcp any eq bgp 168.1.1.0 0.0.0.255 eq domain established tos 1 precedence 7
ZXR10(config-ext-acl)#rule 5 deny udp any any dscp 5 time-range test
Related Commands
show acl
time-range
event-list
rule (Layer 2 ACL)
Purpose
Use this command to define a layer 2 ACL rule. Use the no form of the command to delete the rule.
Command Modes
Layer 2 ACL configuration
Syntax
rule <rule-no> {permit | deny} {<ether-protocol> | any} [cos <cos-value>] [incos <cos-value>] [dinvlan <vlan-id>] [doutervlan <vlan-id>] [ingress {<source-mac> <source-mac-wildcard> | any}] [egress {<dest-mac> <dest-mac-wildcard> | any}] [{time-range <timerange-name> | event <event-name>}]
no rule <rule-no>
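An added example, not part of the ZTE manual: a Python pre-deployment check that validates a Layer 2 ACL rule line against the syntax above and the ranges the Syntax Description gives (rule-no 1~100 or 1000, ether-protocol 0~65535, cos/incos 0~7), and flags a time-range name that has not been configured. The names lint_l2_rule and defined_time_ranges are hypothetical; VLAN and MAC values pass unchecked because the page states no range or format for them.

```python
# Added example: lint one Layer 2 ACL rule line against the syntax and value
# ranges listed on this page. VLAN IDs and MAC tokens are accepted unchecked
# (the page gives no range or format for them); option order is not enforced.
ARITY = {"cos": 1, "incos": 1, "dinvlan": 1, "doutervlan": 1,
         "time-range": 1, "event": 1}  # ingress/egress: "any" or MAC + wildcard


def _num(tok, lo, hi):
    """True if tok is a plain decimal number within lo..hi."""
    return tok.isascii() and tok.isdigit() and lo <= int(tok) <= hi


def lint_l2_rule(line, defined_time_ranges=()):
    """Return the problems found in one 'rule ...' line (empty list = clean)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "rule":
        return ["expected: rule <rule-no> {permit|deny} {<ether-protocol>|any} ..."]
    errs = []
    if not (_num(tok[1], 1, 100) or tok[1] == "1000"):
        errs.append(f"rule-no {tok[1]!r} not in 1~100 or 1000")
    if tok[2] not in ("permit", "deny"):
        errs.append(f"action {tok[2]!r} is not permit or deny")
    if tok[3].lower() not in ("any", "ip", "arp") and not _num(tok[3], 0, 65535):
        errs.append(f"ether-protocol {tok[3]!r} is not IP, ARP, any or 0~65535")
    seen, i = [], 4
    while i < len(tok):
        kw = tok[i]
        if kw in ("ingress", "egress"):
            n = 1 if tok[i + 1:i + 2] == ["any"] else 2
        elif kw in ARITY:
            n = ARITY[kw]
        else:
            errs.append(f"unknown keyword {kw!r}")
            break
        args = tok[i + 1:i + 1 + n]
        if len(args) < n:
            errs.append(f"{kw} is missing an argument")
            break
        if kw in seen:
            errs.append(f"{kw} given more than once")
        if kw in ("cos", "incos") and not _num(args[0], 0, 7):
            errs.append(f"{kw} {args[0]!r} not in 0~7")
        if kw == "time-range" and args[0] not in defined_time_ranges:
            errs.append(f"time-range {args[0]!r} is not configured")
        seen.append(kw)
        i += 1 + n
    if "time-range" in seen and "event" in seen:
        errs.append("time-range and event are alternatives; use only one")
    return errs
```

Pass the time-range names already configured on the switch as defined_time_ranges, so a rule that references a missing name is caught before it is applied.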
Syntax Description
<rule-no>               ACL rule number, range: 1~100 or 1000
permit                  Permits the packet that matches this rule
deny                    Denies the packet that matches this rule
<ether-protocol>        Ethernet type field, IP, ARP or a designated number (0~65535)
cos <cos-value>         802.1p priority, range: 0~7, outer
incos <cos-value>       802.1p priority, range: 0~7, inside
dinvlan <vlan-id>       Inside VLAN identifier
doutervlan <vlan-id>    Outside VLAN identifier
ingress                 Filters according to source MAC address