Chapter 5 Service Configuration
4. Hybrid ingress ACL: 300–399, supports IPv6
5. Basic egress ACL: 400–499
6. Extended egress ACL: 500–599
7. L2 egress ACL: 600–699
8. Hybrid egress ACL: 700–799, supports IPv6
9. Global ACL: 800
10. User-defined ingress ACL: 801–828

- Each ACL has at most 500 rules and the range is 1–500.

Configuring ACL

The ACL configuration includes the following commands:

Command
    Function

zte(cfg)#set port <portlist> acl mode {port|vlan}
    Sets port ACL binding mode.

zte(cfg)#set port <portlist> acl <1-799,801-828> {enable|disable}
    Binds ACL instance to the port.

zte(cfg)#set vlan <vlanlist> acl <1-399,801-828> {enable|disable}
    Binds ACL instance to the VLAN.

zte(cfg)#set acl <1-799,801-828> rule <1-500> time-range <word> {enable|disable}
    Executes an ACL action in a specific time range.

zte(cfg)#create acl <1-828> name <name>
    Creates an ACL name.

zte(cfg)#clear acl <1-828> name
    Clears an ACL name.

zte(cfg)#show port <portlist> acl-mode
    Displays port ACL binding mode.

zte(cfg)#config ingress-acl basic number <1-99>
    Creates and configures a basic ingress ACL instance.

zte(basic-acl-group)#rule <1-500> {permit|deny} {<source-ipaddr> <sip-mask>|any} [fragment]
    Sets a basic ingress ACL rule.

zte(cfg)#clear ingress-acl basic number <1-99>
    Clears a basic ingress ACL instance.

zte(cfg)#config ingress-acl extend number <100-199>
    Creates and configures an extended port ACL instance.

zte(extend-acl-group)#rule <1-500> {permit|deny} <ip-protocol> {<source-ipaddr> <sip-mask>|any} {<destination-ipaddr> <dip-mask>|any} [dscp <0-63>] [fragment]
    Sets the rule that an extended ingress ACL is used to match specified fields of IPv4 packets.

zte(extend-acl-group)#rule <1-500> {permit|deny} icmp {<source-ipaddr> <sip-mask>|any} {<destination-ipaddr> <dip-mask>|any} [icmp-type <0-254> <icmp-code>] [dscp <0-63>] [fragment]
    Sets the rule that an extended ingress ACL is used to match ICMP packets.

zte(extend-acl-group)#rule <1-500> {permit|deny} ip {<source-ipaddr> <sip-mask>|any} {<destination-ipaddr> <dip-mask>|any} [dscp <0-63>] [fragment]
    Sets the rule that an extended ingress ACL is used to match IP packets.
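
As an added example (not part of the ZTE manual), the following Python check validates a command script against the number ranges in the table above before it is applied to a switch, flagging binds of an egress or global ACL number where the syntax does not accept one. The function name lint, the messages and the sample script are assumptions made for illustration.

```python
import re

# Ranges copied from the command table on this page.
PORT_BINDABLE = [(1, 799), (801, 828)]   # set port ... acl <1-799,801-828>
VLAN_BINDABLE = [(1, 399), (801, 828)]   # set vlan ... acl <1-399,801-828>
INSTANCE_RANGE = {"basic": (1, 99), "extend": (100, 199)}  # config ingress-acl
RULE_RANGE = (1, 500)

def _in(n, ranges):
    return any(lo <= n <= hi for lo, hi in ranges)

def lint(config_text):
    """Return (line_no, message) for each command whose number is out of range."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        cmd = raw.split("#", 1)[-1].strip()      # drop the zte(...)# prompt
        m = re.match(r"set (port|vlan) \S+ acl (\d+) (enable|disable)$", cmd)
        if m:
            kind, acl = m.group(1), int(m.group(2))
            ok = PORT_BINDABLE if kind == "port" else VLAN_BINDABLE
            if not _in(acl, ok):
                findings.append((no, f"ACL {acl} cannot be bound to a {kind}"))
            continue
        m = re.match(r"config ingress-acl (basic|extend) number (\d+)$", cmd)
        if m:
            lo, hi = INSTANCE_RANGE[m.group(1)]
            if not lo <= int(m.group(2)) <= hi:
                findings.append((no, f"{m.group(1)} ingress ACL must be {lo}-{hi}"))
            continue
        m = re.match(r"(?:set acl (\d+) )?rule (\d+)\b", cmd)
        if m:
            if m.group(1) and not _in(int(m.group(1)), PORT_BINDABLE):
                findings.append((no, f"ACL {m.group(1)} outside 1-799,801-828"))
            if not RULE_RANGE[0] <= int(m.group(2)) <= RULE_RANGE[1]:
                findings.append((no, f"rule {m.group(2)} outside 1-500"))
    return findings

# Constructed sample script (port and VLAN identifiers are made up).
SAMPLE = """\
zte(cfg)#config ingress-acl basic number 10
zte(basic-acl-group)#rule 1 deny any fragment
zte(basic-acl-group)#rule 501 permit any
zte(cfg)#set port 1 acl 10 enable
zte(cfg)#set vlan 20 acl 450 enable
zte(cfg)#set port 2 acl 800 enable
"""

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```
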

SJ-20130731155059-002 | 2013-11-27 (R1.0) ZTE Proprietary and Confidential