EasyManua.ls Logo

Zte ZXR10 8900 Series - Chapter 9 ACL Configuration; ACL Overview

Zte ZXR10 8900 Series
186 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter9
ACLConfiguration
TableofContents
ACLOverview...................................................................77
NP-BasedACLOverview.....................................................78
ConguringACLs...............................................................79
ConguringEventLinkageACLRule.....................................85
ApplyingNP-BasedACL......................................................87
ACLCongurationExample.................................................88
ACLMaintenanceandDiagnosis...........................................89
ACLOverview
Packetlteringcanhelplimitnetworktrafcandrestrictnetwork
usebycertainusersordevices.ACLcanltertrafcasitpasses
througharouterandpermitordenypacketsatspeciedinter-
faces.
AnACLisasequentialcollectionofpermitanddenyconditionsthat
applytopackets.Whenapacketisreceivedonaninterface,the
switchcomparestheeldsinthepacketagainstanyappliedACL
toverifythatthepackethastherequiredpermissionstobefor-
warded,basedonthecriteriaspeciedintheaccesslists.Ittests
packetsagainsttheconditionsinanaccesslistonebyone.The
rstmatchdetermineswhethertheswitchacceptsorrejectsthe
packetsbecausetheswitchstopstestingconditionsaftertherst
match.Theorderofconditionsinthelistiscritical.Whenthere
arenoconditionsmatched,theswitchrejectsthepackets.Ifthere
arenorestrictions,theswitchforwardsthepacket;otherwise,the
switchdropsthepacket.
PacketmatchingrulesdenedbytheACLarealsousedinother
conditionswheredistinguishingtrafcisneeded.Forinstance,the
matchingrulescandenethetrafcclassicationruleintheQoS.
ZXR108900seriesswitchprovidesseventypesofACLs:
StandardACL
OnlysourceIPaddressesarematchedagainsttheACL.
ExtendedACL
Source/destinationIPaddress,IPprotocoltype,TCP
source/destinationportnumber ,TCP-control,UDPsource/des-
tinationportnumber ,ICMPtype,ICMPcode,DiffServCode
Point(DSCP),ToSandprecedencearematchedagainstthe
ACL.
CondentialandProprietaryInformationofZTECORPORATION77

Table of Contents

Other manuals for Zte ZXR10 8900 Series

Preview: Command Reference
Command Reference147 pages
Preview: Command Manual
Command Manual177 pages
Preview: Hardware Manual
Hardware Manual131 pages
Preview: Hardware Installation Manual
Hardware Installation Manual109 pages
Preview: Instructions
Instructions14 pages

Related product manuals