Operation Manual - QoS/ACL 
Quidway S3500 Series Ethernet Switches  Chapter 1  ACL Configuration
 
Huawei Technologies Proprietary 
Define an ACL by following the steps below:
1)  Enter the corresponding ACL view.
2)  Add a rule to the ACL.
You can add multiple rules to one ACL.
 
  Note:
•  If a specific time range is not defined, the ACL is always in effect once it is activated.
•  While defining the ACL, you can use the rule command several times to define multiple rules for an ACL.
•  If the ACL is used to filter or classify data transmitted by the hardware of the switch, the match order defined in the acl command is not effective. If the ACL is used to filter or classify data handled by the software of the switch, the match order of the ACL's sub-rules is effective. In addition, once the user specifies the match-order of an ACL rule, it cannot be modified later.
•  The default match-order of an ACL is config, i.e. the rules are matched in the order in which the user configured them.
 
I. Defining the basic ACL 
The rules of a basic ACL are defined on the Layer-3 source IP address, which is used to analyze the data packets.
You can use the following commands to define a basic ACL.
Perform the following configuration in the corresponding view.
Table 1-12 Defining the basic ACL

Operation                                              Command
Enter basic ACL view (from system view)                acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]
Add a sub-item to the ACL (from basic ACL view)        rule [ rule-id ] { permit | deny } [ source source-addr wildcard | any ] [ fragment ] [ time-range name ]
Delete a sub-item from the ACL (from basic ACL view)   undo rule rule-id [ source ] [ fragment ] [ time-range ]
Delete one ACL or all the ACLs (from system view)      undo acl { number acl-number | name acl-name | all }
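
The following Python model is an added illustration, not part of the manual: it parses rule lines in the syntax of Table 1-12, evaluates a source address against them in config order (the software-processed case described in the note above), and reports rules that can never be reached. It assumes rules are tried in the order listed with the first match deciding, that a rule without a source clause matches every address, and that fragment and time-range qualifiers are always satisfied during matching; the function names and sample rules are constructed.

```python
import ipaddress
import re

# Basic-ACL rule syntax as printed in Table 1-12; rule-id is accepted but not used.
RULE_RE = re.compile(
    r"rule(?:\s+\d+)?\s+(?P<action>permit|deny)"
    r"(?:\s+source\s+(?:(?P<addr>[\d.]+)\s+(?P<wild>[\d.]+)|any))?"
    r"(?P<qual>(?:\s+fragment)?(?:\s+time-range\s+\S+)?)"
)

def parse_rule(line):
    """Return (action, addr, care_mask, qualified) for one rule line."""
    m = RULE_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"not a basic ACL rule: {line!r}")
    if m["addr"]:
        addr = int(ipaddress.IPv4Address(m["addr"]))
        wild = int(ipaddress.IPv4Address(m["wild"]))
    else:
        addr, wild = 0, 0xFFFFFFFF  # "source any" or no source: ignore all bits
    # Wildcard bits set to 1 are ignored; bits set to 0 must match.
    return m["action"], addr, ~wild & 0xFFFFFFFF, bool(m["qual"].strip())

def first_match(rule_lines, src_ip):
    """Config order: the first rule whose source matches decides the action."""
    src = int(ipaddress.IPv4Address(src_ip))
    for pos, line in enumerate(rule_lines):
        action, addr, care, _ = parse_rule(line)
        if ((src ^ addr) & care) == 0:
            return pos, action
    return None  # no rule matched; the outcome depends on where the ACL is applied

def shadowed_rules(rule_lines):
    """Positions of rules fully covered by an earlier rule without qualifiers."""
    parsed = [parse_rule(line) for line in rule_lines]
    def covers(a, b):  # does rule a match every source that rule b matches?
        return not a[3] and (a[2] & ~b[2]) == 0 and ((a[1] ^ b[1]) & a[2]) == 0
    return [j for j, r in enumerate(parsed) if any(covers(e, r) for e in parsed[:j])]

# Constructed sample rules (addresses and time-range name are illustrative).
SAMPLE = [
    "rule 0 deny source 10.1.1.64 0.0.0.63",
    "rule 1 permit source 10.1.1.0 0.0.0.255",
    "rule 2 deny source 10.1.1.128 0.0.0.127 time-range worktime",
    "rule 3 deny source any",
]
```

With the sample rules, rule 2 is reported as shadowed: rule 1 already matches all of 10.1.1.128 to 10.1.1.255, so the later deny never takes effect in config order.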