EasyManua.ls Logo

Zte ZXR10 5250 Series - ACL Configuration

Zte ZXR10 5250 Series
287 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter5ServiceConguration
5.11ACLConguration
ACLOverview
AnAccessControlList(ACL)isasequentialcollectionofpermissionsthatapplyto
packets.Whenapacketisreceivedonaninterface,theswitchcomparestheeldsin
thepacketagainstappliedACLstoverifythatthepackethastherequiredpermissionsto
beforwarded,basedonthecriteriaspeciedintheaccesslists.Ittestspacketsagainst
theconditionsinanaccesslistonebyone.Therstmatchdetermineswhetherthe
switchacceptsorrejectsthepacketsbecausetheswitchstopstestingconditionsafter
therstmatch.Theorderofconditionsinthelistiscritical.Ifnoconditionsmatch,the
switchrejectsthepackets.Iftherearenorestrictions,theswitchforwardsthepacket.
Otherwise,theswitchdropsthepacket.
TheZXR105250supportsthefollowingfunctions.
lTheZXR105250providestwobindingtypes,includingphysicalportandVLANport.
lACLrulescanbeadded,deleted,andsorted.
1.RulescanbeaddedtoaconguredACL.RegularIDnumberrangeis1-500.
2.ConguredACLcanbedeletedregularly.IfthespeciedACLinstancenumber
orrulenumberisnotcongured,afalsemessagewillreturn.
3.ManyrulesofanACLcanbesorted.Itisnecessarytospecifythepositionwhere
arulenumbershouldbemoved.
lAnACLcanbecomevalidaccordingtotheconguredtimerange.Afterconguring
absoluteorrelativetimerangeontheswitch,thetimerangecanbeappliedtotherule
oftheACL.Thiscausestheruletobevalidaccordingtothetimerangespecication.
lTheZXR105250providesthefollowingtentypesofACLs:
1.BasicACL:OnlymatchesthesourceIPaddress.
2.ExtendedACL:MatchesthesourceIPaddress,destinationIPaddress,IP
protocoltype,TCPsourceportnumber,TCPdestinationportnumber,UDP
sourceportnumber,UDPdestinationportnumber,ICMPtype,ICMPCodeand
DiffServCodePoint(DSCP).
3.L2ingressACL:MatchesthesourceMACaddress,destinationMACaddress,
sourceVLANIDand802.1ppriorityvalue,Ethernetnetworktypeand
DSAP/SSAP .
4.HybridingressACL:MatchessourceIPv4/IPv6address,destinationIPv4/IPv6
address,IPprotocoltype,TCPsourceportnumber,TCPdestinationportnumber,
UDPsourceportnumber,UDPdestinationportnumber,DiffServCodePoint
(DSCP),sourceMACaddress,destinationMACaddress,sourceVLANIDand
802.1ppriorityvalue.
5.GlobalACL:MatchesthesourceIPaddress,destinationIPaddress,IPprotocol
type,TCPsourceportnumber,TCPdestinationportnumber,UDPsourceport
number,UDPdestinationportnumber,DiffServCodePoint(DSCP),sourceMAC
address,destinationMACaddress,sourceVLANIDand802.1ppriorityvalue.
6.BasicegressACL:OnlymatchessourceIPaddress.
5-43
SJ-20131111172707-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Table of Contents

Other manuals for Zte ZXR10 5250 Series

Preview: Command Reference
Command Reference708 pages

Related product manuals