Defining Advanced Acls - Huawei Quidway S3900 Series Operation Manual

Operation Manual – ACL
Quidway S3900 Series Ethernet Switches-Release 1510
1.3.3 Configuration Example
# Configure ACL 2000 to deny packets whose source IP address is 1.1.1.1.
<Quidway> system-view
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule deny source 1.1.1.1 0
[Quidway-acl-basic-2000] display acl 2000
Basic ACL
Acl's step is 1
rule 0 deny source 1.1.1.1 0

1.4 Defining Advanced ACLs

Advanced ACLs define classification rules according to the source and destination IP
addresses of packets, the type of protocol over IP, and protocol-specific features such
as TCP/UDP source and destination ports, TCP flag bit, ICMP protocol type, code, and
so on.
The value range for advanced ACL numbers is 3,000 to 3,999.
Advanced ACLs support analysis and processing of three packet priority levels: type of
service (ToS) priority, IP priority and differentiated services codepoint Priority (DSCP).
Using advanced ACLs, you can define classification rules that are more accurate, more
abundant, and more flexible than those defined with basic ACLs.
1.4.1 Configuration Preparation
Before configuring an ACL rule containing time range arguments, you need to configure
define the corresponding time ranges. For the configuration of time ranges, refer to
section 1.2 "Configuring Time Ranges".
The values of source and destination IP addresses, the type of the protocols carried by
IP, and protocol-specific features in the rule have been defined.
1.4.2 Configuration Procedure
Table 1-3 Define an advanced ACL rule
Operation
Enter system view
Create
advanced
view
Define an rule
2000, 1 rule
Command
system-view
or enter acl number
ACL [ match-order { config |
auto } ]
rule [ rule-id ] { permit |
deny } rule-string
Huawei Technologies Proprietary
—
acl-number
By the default, the match
order is config.
Required
1-6
Chapter 1 ACL Configuration
Description