Configuring Access Control Rules; Access Control Rule Overview; Configuring Access Control Rule - Zte ZXR10 8900 Series User Manual

ZXR10 8900 Series User Manual (FW Volume)
Configuring Access Control Rules

Access Control Rule Overview

An access control rule tells the FW card whether to permit or deny the packets that match it.
After receiving a packet, the FW card matches it against all rules in the ACL sequentially. Once a matching rule is found, the FW card processes the packet according to the operation (permit or drop) specified by that policy and does not check the default area attribute. If no access rule matches, the FW card processes the packet according to the default attribute (permit or deny) of the area where the destination interface is located.
Before querying the access control rules, the FW card checks whether the packet matches a destination address translation rule. If it does, the FW card translates the destination IP address of the received packet to the preset IP address (usually the actual IP address). Therefore, an access control rule is set using the actual source and destination addresses (the destination address after translation). The system also supports setting an access rule according to the destination address before translation; in this case, the packet is matched against the access control rule according to its destination address before translation.
Defining an access control rule means defining a match rule for packets. The FW card can identify and match packets on various aspects such as area, VLAN, address, user, connection and time. The source and destination of an access control rule can be a preset VLAN/area, or one or more address resources and user group resources.

Configuring Access Control Rule

This topic describes the configuration commands and configuration examples for access control rules.
Users can control L3-L7 access flexibly and powerfully by setting access control rules. The FW card can identify and match packets on various aspects such as area, VLAN, address, user, connection and time. In addition, the FW card can perform deep data detection and filtering for various application layer protocols. As with a packet filtering policy, packets are matched against access control rules sequentially. However, access control rules have no default rule. That is, if no Deny All rule is attached to the end of the ACL, the system processes an unmatched packet according to the default attribute (permit or deny) of the area where the destination interface is located.
To access this command module, execute the following command:
#firewall
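
The evaluation order described in the overview and in this topic, modelled in Python as an added example (it is not ZTE code or CLI syntax, and it covers address matching only). The rule names, areas, interface names and addresses are constructed, and the destination interface is assumed to be known for each packet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    src: str                          # source network, CIDR
    dst: str                          # destination network, CIDR
    action: str                       # "permit" or "deny"
    match_original_dst: bool = False  # match destination before translation

def evaluate(packet, rules, dnat, area_of, area_default):
    """Return (action, deciding rule or area default) for one packet."""
    original_dst = packet["dst"]
    # 1. Destination address translation is queried before the rules.
    translated_dst = dnat.get(original_dst, original_dst)
    # 2. Rules are checked in order; the first match decides the packet.
    for rule in rules:
        dst = original_dst if rule.match_original_dst else translated_dst
        if (ip_address(packet["src"]) in ip_network(rule.src)
                and ip_address(dst) in ip_network(rule.dst)):
            return rule.action, rule.name
    # 3. No match: default attribute of the destination interface's area.
    area = area_of[packet["out_if"]]
    return area_default[area], "default:" + area

# Constructed sample data (documentation address ranges, made-up names).
DNAT = {"203.0.113.10": "10.0.0.10"}
AREA_OF = {"vlan10": "dmz", "vlan20": "trust"}
AREA_DEFAULT = {"dmz": "deny", "trust": "permit"}
WEB_IN = Rule("web-in", "0.0.0.0/0", "10.0.0.10/32", "permit")
BLOCK_VIP = Rule("block-vip", "198.51.100.0/24", "203.0.113.10/32", "deny",
                 match_original_dst=True)
DENY_ALL = Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", "deny")

def demo():
    to_vip = {"src": "198.51.100.5", "dst": "203.0.113.10", "out_if": "vlan10"}
    stray = {"src": "198.51.100.5", "dst": "10.0.1.99", "out_if": "vlan20"}
    args = (DNAT, AREA_OF, AREA_DEFAULT)
    return [
        evaluate(to_vip, [WEB_IN, BLOCK_VIP], *args),  # broad permit shadows the deny
        evaluate(to_vip, [BLOCK_VIP, WEB_IN], *args),  # specific deny placed first
        evaluate(stray, [WEB_IN], *args),              # falls to area default
        evaluate(stray, [WEB_IN, DENY_ALL], *args),    # explicit final Deny All
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the one to review for in a real rule set: without a final Deny All rule, an unmatched packet bound for an area whose default attribute is permit is passed.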
Confidential and Proprietary Information of ZTE CORPORATION