Zte ZXR10 5900 Series - Configuring Basic ACL Rule; Configuring Extended ACL

To Next Page

To Previous Page

Chapter7ACLConguration

1.Ifapacketmatchesmultiplerulesatthesametime,therst

matchedruleshallapply.Therefore,thesequenceofthese

rulesiscriticalimportant.Inusualcases,therulewithsmaller

rangeisputaheadandtherulewithlargerrangeisputbehind.

2.T akingnetworksecurityintoaccount,animplicitDenyruleis

automaticallyattachedtotheendofeachACLtodenyallpack-

ets.Therefore,aPermitruleisusuallyconguredattheend

ofACLtopermitallpacketstopassthrough.

ConfiguringBasicACLRule

Step

CommandFunction

ZXR10(config)#aclstandard{number<acl-number

>|name<acl-name>}

ThisentersthestandardACL

congurationmode.

ZXR10(config-std-acl)#rule<1-100>{permit|deny

}{<source>[<source-wildcard>]|any}[time-range

<timerange-name>]

Thiscongurestherulesof

ACL.

ZXR10(config-std-acl)#move<rule-no>{after|

before}<rule-no>

Thismovesarulebehindof

anotherrule.

ExampleThisexampledenesastandardACL.TheACLpermitspackets

fromthenetworksegment192.168.1.0/24topass,butreject

packetswiththesourceIPaddressof192.168.1.100.

ZXR10(config)#aclstandardnumber10

ZXR10(config-std-acl)#rule1deny192.168.1.1000.0.0.0

ZXR10(config-std-acl)#rule2permit192.168.1.00.0.0.255

ConfiguringExtendedACL

Step

CommandFunction

ZXR10(config)#aclextend{number<acl-number>|n

ame<acl-name>}

ThisenterstheextendedACL

conguration.

ZXR10(config-ext-acl)#rule<rule-no>{permit|d

eny}{<source><source-wildcard>|any}{<dest

><dest-wildcard>|any}[<icmp-type>[icmp-code

<icmp-code>]][{[precedence<pre-value>][tos

<tos-value>]}|dscp<dscp-value>][fragment][time-

range<timerange-name>]

Thiscongurestherules

basedonICMP .

ZXR10(config-ext-acl)#rule<rule-no>{permit|deny

}{<ip-number>|ip}{<source><source-wildcard>|a

ny}{<dest><dest-wildcard>|any}[{[precedence

<pre-value>][tos<tos-value>]}|dscp<dscp-value

>][fragment][time-range<timerange-name>]

Thiscongurestherules

basedonIPorIPprotocol

number(excludedICMP ,TCP ,

UDP)

ZXR10(config-ext-acl)#rule<rule-no>{permit|den

y}{<source><source-wildcard>|any}[<rule><port

>]{<dest><dest-wildcard>|any}[<rule><port>][est

ablished][{[precedence<pre-value>][tos<tos-val

ue>]}|dscp<dscp-value>][fragment][time-range

<timerange-name>]

Thiscongurestherules

basedonTCP .

CondentialandProprietaryInformationofZTECORPORATION61

Main Page

Zte ZXR10 5900 Series - Configuring Basic ACL Rule; Configuring Extended ACL

Table of Contents

Other manuals for Zte ZXR10 5900 Series

Related product manuals