EasyManua.ls Logo

Zte ZXR10 2900 Series - ACL Configuration; ACL Overview

Zte ZXR10 2900 Series
262 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter7ServiceConguration
ACLConfiguration
ACLOverview
AnAccessControlList(ACL)isasequentialcollectionofpermit
anddenyconditionsthatapplytopackets.Whenapacketisre-
ceivedonaninterface,theswitchcomparestheeldsinthepacket
againstanyappliedACLstoverifythatthepackethastherequired
permissionstobeforwarded,basedonthecriteriaspeciedinthe
accesslists.Ittestspacketsagainsttheconditionsinanaccess
listonebyone.Therstmatchdetermineswhethertheswitch
acceptsorrejectsthepacketsbecausetheswitchstopstesting
conditionsaftertherstmatch.Theorderofconditionsinthelist
iscritical.Ifnoconditionsmatch,theswitchrejectsthepackets.
Iftherearenorestrictions,theswitchforwardsthepacket.oth-
erwise,theswitchdropsthepacket.
ZXR102920/2928/2952/2936-FIsupportsthefollowingfunctions.
1.ZXR102920/2928/2952/2936-FIprovidestwobindingtypes
includingphysicalportandTrunkGroups.Whenaphysicalport
isaddedintoaTrunkGroupsandhasbeenboundedanACL,
currentboundwillbereleasedrst,otherwise,afalsemessage
willreturn.WhenACLisappliedtoTrunkGroups,physicalport
willbeboundwithACLautomatically.
2.ACLrulecanbeadded,deleted,sorted.
i.RulecanbeaddedtoaconguredACL.RegularIDnumber
rangeis1-500.
ii.ConguredACLcanbedeletedregularly.Ifthespecied
ACLinstancenumberorrulenumberhasn’tbeencong-
ured,afalsemessagewillreturn.
iii.ManyrulesofanACLcanbesortedandonlyneedtospecify
theplacewhererulenumberneedtobemoved.
3.AnACLcanbecomevalidaccordingtoconguredtimerange.
Afterconguringabsoluteorrelativetimerangeontheswitch,
timerangecanbeappliedtotheruleofACL.Thiscausesthe
ruletobevalidaccordingtothetimerangespecication.
4.ZXR102920/2928/2952/2936-FIprovidesthefollowingve
typesofACLs:
i.BasicACL:OnlymatchsourceIPaddress.
ii.ExtendedACL:MatchsourceIPaddress,destinationIPad-
dress,IPprotocoltype,TCPsourceportnumber ,TCPdes-
tinationportnumber ,UDPsourceportnumber ,UDPdes-
tinationportnumber ,ICMPtype,ICMPCodeandDiffServ
CodePoint(DSCP).
iii.L2ACL:MatchsourceMACaddress,destinationMACad-
dress,sourceVLANIDand802.1ppriorityvalue.
iv.MatchSourceIPV4/IPV6address,destinationIPV4/IPV6
address,IPprotocoltype,TCPsourceportnumber ,TCP
destinationportnumber ,UDPsourceportnumber ,UDP
destinationportnumber ,DiffServCodePoint(DSCP),
CondentialandProprietaryInformationofZTECORPORATION147

Table of Contents

Related product manuals