ZXR105900/5200SeriesUserManual(BasicCongurationVolume)
Step
CommandFunction
5
ZXR10(config-ext-acl)#rule<rule-no>{permit|den
y}{<source><source-wildcard>|any}[<rule><port
>]{<dest><dest-wildcard>|any}[<rule><port>][{[p
recedence<pre-value>][tos<tos-value>]}|dscp
<dscp-value>][fragment][time-range<timerange-
name>]
Thiscongurestherules
basedonUDP .
6
ZXR10(config-ext-acl)#move<rule-no>{after|
before}<rule-no>
Thismovesarulebehind
anotherrule.
ExampleThisshowsanextendedACLtoperformthefollowingfunctions.
1.PermitUDPpacketsfromthenetworksegment
210.168.1.0/24,thedestinationIPaddress210.168.2.10,the
sourceport100andthedestinationport200topass.
2.ForbidtheBGPpacketsfromthenetworksegment
192.168.2.0/24passing.
3.ForbidallICMPpackets.
4.ForbidallpacketswiththeIPprotocolNo.8.
ZXR10(config)#aclextendnumber150
ZXR10(config-ext-acl)#rule1permitudp210.168.1.00.0.0.255
eq100210.168.2.100.0.0.0eq200
ZXR10(config-ext-acl)#rule2denytcp192.168.2.00.0.0.255
eqbgpany
ZXR10(config-ext-acl)#rule3denyicmpanyany
ZXR10(config-ext-acl)#rule4deny8anyany
ConfiguringL2ACL
Step
CommandFunction
1
ZXR10(config)#acllinknumber<acl-number>ThisenterstheL2ACL
congurationmode.
2
ZXR10(config-link-acl)#Rule<rule-no>{permit|de
ny}<protocol-number|any>[cos<value>][ingress
{<source-mac><source-mac-wildcard>|any}[vlan-id
<vlan>]][engress{<dest-mac><dest-mac-wildcard>|
any}][time-range<timerange-name>]
Thiscongurestherulesof
ACL.
3
ZXR10(config-link-acl)#move<rule-no>{after|
before}<rule-no>
Thismovesarulebehind
anotherrule.
ExampleInthisexample,deneaL2ACLtopermitIPpacketswiththe
sourceMACaddressas00d0.d0c0.5741andthe802.1pas5from
VLAN10.
ZXR10(config)#acllinknumber200
ZXR10(config-link-acl)#rule1permitanycos5douter10
ingress00d0.d0c0.57410000.0000.0000
62CondentialandProprietaryInformationofZTECORPORATION
To Next Page
Loading...
