EasyManua.ls Logo

Zte ZXR10 5900 Series - Configuring Hybrid ACL

Zte ZXR10 5900 Series
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter7ACLConguration
ConfiguringHybridACL
Step
CommandFunction
1
ZXR10(config)#aclhybrid{number<acl-number>|n
ame<acl-name>}
ThisentersthehybridACL
conguration.
2
ZXR10(config-hybd-acl)#rule<rule-no>{permit|d
eny}{<ip-number>|ip}{<source><source-wildc
ard>|any}{<dest><dest-wildcard>|any}{[any
|<etherprotocol>]}[cos<0-7>][<vlan-id>][ingress
<source-mac><source-mac-wildcard>egress
<dest-mac><dest-mac-wildcard>][time-range
<timerange-name>]
Thiscongurestherules
basedonIPorIPprotocol
number(excludedICMP ,TCP ,
UDP).
3
ZXR10(config-hybd-acl)#rule<rule-no>{pe
rmit|deny}{<source><source-wildcard>|
any}{[<dest-ip><dest-wildcard>|any{ethe
r-protocol}[<vlan-id>][cos<value>][egress
<dst-mac><dst-wildcard>][ingress<sor-mac><s
or-wildcard>][time-range<range-name>]][eq
<port-number>{<dst-mac><dst-wildcard>|
any}<ether-protocol>[<vlan-id>][cos<value
>][egress<dst-mac><dst-wildcard>][ingress
<sor-mac><sor-wildcard>][time-range
<range-name>]]}
Thiscongurestherules
basedonTCP .
4
ZXR10(config-hybd-acl)#rule<rule-no>{pe
rmit|deny}{<source><source-wildcard>|
any}{[<dest-ip><dest-wildcard>|any{ethe
r-protocol}[<vlan-id>][cos<value>][egress
<dst-mac><dst-wildcard>][ingress<sor-mac><s
or-wildcard>][time-range<range-name>]][eq
<port-number>{<dst-mac><dst-wildcard>|
any}<ether-protocol>[<vlan-id>][cos<value
>][egress<dst-mac><dst-wildcard>][ingress
<sor-mac><sor-wildcard>][time-range
<range-name>]]}
Thiscongurestherules
basedonUDP .
5
ZXR10(config-hybd-acl)#move<rule-no>{after|
before}<rule-no>
Thismovesarulebehind
anotherrule.
ExampleThisshowsanextendedACLtoperformthefollowingfunctions:
1.PermitUDPpacketsfromthenetworksegment
210.168.1.0/24,thedestinationIPaddress210.168.2.10,
destinationMACaddress00d0.d0c0.5741,thesourceport
100andthedestinationport200topass.
2.ForbidtheBGPpacketsfromthenetworksegment
192.168.3.0/24passing.
3.ForbidallpacketswiththeMACaddress0100.2563.1425.
ZXR10(config)#aclhybridnumber300
ZXR10(config-hybd-acl)#rule1permitudp210.168.1.00.0.0.255Eq
100210.168.2.100.0.0.0eq200anyEgress
00d0.d0c0.57410000.0000.0000
ZXR10(config-hybd-acl)#rule2denytcp192.168.3.00.0.0.255
EqBGPanyany
ZXR10(config-hybd-acl)#rule3denyanyanyanyingress
0100.2563.14250000.0000.0000
CondentialandProprietaryInformationofZTECORPORATION63

Table of Contents

Other manuals for Zte ZXR10 5900 Series

Preview: Hardware Manual
Hardware Manual53 pages

Related product manuals