Zte ZXA10 C300 - Chapter 8 ACL Configuration

To Next Page

To Previous Page

Chapter8

ACLConguration

ThenetworkdevicesusetheAccessControlList(ACL)tolterthedatapacketsandcontrol

thepolicyroutesandspecialows.ACLsetsaseriesofmatchingrulestoidentifythe

objectstobeltered,andpermitsordeniesthecorrespondingdatapackettopassthrough

accordingtothepresetpolicies.

AnACLcancontainoneormorerules.Theserulesenablethedevicetopermitordeny

thematchingtrafcaccordingtospecicparameters.AnACLcomparesthetrafcwith

eachruletillitndsamatchedrule.ThelastruleinanACLisanimplicitdenyrule.

OneinterfacesupportsonlyoneACL.

TheZXA10C300supportsthefollowingfourtypesofACLs:

lStandardACL

ThestandardACLisonlymatchedbythesourceIPaddress.

lExtendedACL

TheextendedACLismatchedbythesourceIPaddress,destinationIPaddress,

IPprotocoltype,TCP/UDPsource/destinationportnumber,ICMPtype,IGMPtype,

DSCP,T oS,andIPpriority.

lLayer-2ACL

Thelayer-2ACLismatchedbythesourceMACaddress,destinationMACaddress,

sourceVLANID,layer-2Ethernetprotocoltype,and802.1ppriorityvalue.

lHybridACL

ThehybridACLismatchedbythesourceMACaddress,destinationMAC

address,sourceVLANID,sourceIPaddress,destinationIPaddress,TCP/UDP

source/destinationportnumber,includingallthematchingeldsofthepreceding

threetypes.

lIPv6hybridACL

ItistheIPv6-basedhybridACL.

TableofContents

ConguringaStandardACL.......................................................................................8-2

ConguringanExtendedACL....................................................................................8-3

ConguringaLayer-2ACL.........................................................................................8-4

ConguringaHybridACL...........................................................................................

8-6

ConguringanIPv6HybridACL.................................................................................8-7

8-1

SJ-20130520164529-007|2013-06-30(R1.0)ZTEProprietaryandCondential

Other manuals for Zte ZXA10 C300