Operation Manual – ACL
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
Huawei Technologies Proprietary
1-6
1.3.3 Configuration Example
# Configure ACL 2000 to deny packets whose source IP address is 1.1.1.1.
<Quidway> system-view
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule deny source 1.1.1.1 0
[Quidway-acl-basic-2000] display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 1
rule 0 deny source 1.1.1.1 0
1.4 Defining Advanced ACLs
Advanced ACLs define classification rules according to the source and destination IP
addresses of packets, the type of protocol over IP, and protocol-specific features such
as TCP/UDP source and destination ports, TCP flag bit, ICMP protocol type, code, and
so on.
The value range for advanced ACL numbers is 3,000 to 3,999.
Advanced ACLs support analysis and processing of three packet priority levels: type of
service (ToS) priority, IP priority and differentiated services codepoint Priority (DSCP).
Using advanced ACLs, you can define classification rules that are more accurate, more
abundant, and more flexible than those defined with basic ACLs.
1.4.1 Configuration Preparation
Before configuring an ACL rule containing time range arguments, you need to configure
define the corresponding time ranges. For the configuration of time ranges, refer to
section
1.2 “Configuring Time Ranges”.
The values of source and destination IP addresses, the type of the protocols carried by
IP, and protocol-specific features in the rule have been defined.
1.4.2 Configuration Procedure
Table 1-3 Define an advanced ACL rule
Operation Command Description
Enter system view
system-view
—
Create or enter
advanced ACL
view
acl number acl-number
[ match-order { config |
auto } ]
By the default, the match
order is config.
Define an rule
rule [ rule-id ] { permit |
deny } rule-string
Required
To Next Page
Loading...
Need help?
General