Zte ZXR10 8900 Series - Defining Extended ACL

To Next Page

To Previous Page

ZXR108900SeriesUserManual(BasicCongurationVolume)

ZXR10(config-std-acl)#rule2permit192.168.1.00.0.0.255

DefiningExtendedACL

TocongureextendedACL,performthefollowingsteps.

Step

CommandFunction

ZXR10(config)#aclextend{number<acl-number>|n

ame<acl-name>|alias<alias-name>}[match-order

{auto|config}]

ThisentersextendedACL

congurationmode

ZXR10(config-ext-acl)#rule<rule-no>{permit|deny}

icmp{<source><source-wildcard>|any}{<dest

><dest-wildcard>|any}[<icmp-type>[icmp-code

<icmp-code>]][precedence<pre-value>][tos

<tos-value>][dscp<dscp-value>][time-range

<timerange-name>]

ThisdenesICMP-basedrules

ZXR10(config-ext-acl)#rule<rule-no>{permit|deny

}{<ip-number>|ip}{<source><source-wildcard>|a

ny}{<dest><dest-wildcard>|any}[{[precedence

<pre-value>][tos<tos-value>]}|dscp<dscp-value

>][time-range<timerange-name>]

Thisdenesrulesonthebasis

ofIPorIPprotocolcode

ZXR10(config-ext-acl)#rule<rule-no>{permit|deny}

tcp{<source><source-wildcard>|any}[<rule><p

ort>]{<dest><dest-wildcard>|any}[<rule><port

>][established][{[precedence<pre-value>][tos

<tos-value>]}|dscp<dscp-value>][tcp-control<tcp

-control-value>][time-range<timerange-name>]

ThisdenesTCP-basedrules

ZXR10(config-ext-acl)#rule<rule-no>{permit|deny}

udp{<source><source-wildcard>|any}[<rule><port

>]{<dest><dest-wildcard>|any}[<rule><port>][{[p

recedence<pre-value>][tos<tos-value>]}|dscp

<dscp-value>][time-range<timerange-name>]

ThisdenesUDP-basedrules

ZXR10(config-ext-acl)#move<rule-no>after

<rule-no>

Thismovesarule

ZXR10(config-ext-acl)#attachtime-range<Time

rangename>to<ruleid>

Thisbindsatimerangetoa

rule

ExampleThisexampledescribeshowtocongureanextendedACL.Itis

requiredtoimplementthefollowingfunctions:

�PermitUDPpacketsfromnetworksegment210.168.1.0/24,

destinationIPaddressis210.168.2.10,sourceportis100and

destinationportis200topass.

�DeniesBGPmessagesfromnetwork192.168.2.0/24.

�DeniesallICMPmessages.

�DeniesallmessageswithIPprotocolcode8.

ZXR10(config)#aclextendnumber150

ZXR10(config-ext-acl)#rule1permitudp210.168.1.00.0.0.255

Eq100210.168.2.100.0.0.0eq200

ZXR10(config-ext-acl)#rule2denytcp192.168.2.00.0.0.255

EqBGPany

ZXR10(config-ext-acl)#rule3denyicmpanyany

80CondentialandProprietaryInformationofZTECORPORATION

Main Page

Zte ZXR10 8900 Series - Defining Extended ACL

Table of Contents

Other manuals for Zte ZXR10 8900 Series

Related product manuals