ZXR10 ZSR V2 Series Router Product Description
36 ZTE Confidential & Proprietary
For router interface, a configured access control list will only take effect when it is
applied on an interface. As data flow passing an interface is bidirectional, the access
control list should be adopted on the interface in one specific direction, which is
egress direction (i.e. data flow moves away from router) or ingress direction (i.e. data
flow enters router)
There are three procedures for implementing access control list on an interface:
1. Define access control list
2. Define the interfaces on which the access control list will be implemented
3. Define the direction in which the access control list will be implemented on the
interface
While using ACL, firstly the type of ACL is classified via ACL number, and then
packets are compared with the configured ACL to see if the packets are permitted to
pass through the interface. The rule of ACL processing is, beginning items are given
the highest priority, in other words, as per the sequence of access control list. The
processing will stop when there is one item matching to the configured control list.
Therefore, the sequence is very important when configuring access control list, and
items with high priorities should be put in the beginning. If there is an exact match for
the packet, it will be permitted or denied to pass through the interface according to
the specified fields ‘permit’ or ‘deny’. If there is no exact match for the packet, it will
follow the default filtering principle, i.e. this unmatched packet will be denied to pass
through the interface.
ZXR10 ZSR V2 supports the ACL features are as follows:
Support standard ACL and extended ACL
Support L2 ACL, L3 ACL and L2/L3 hybrid ACL
Support ACL Time-range
Support ACL log statistics
Support statistical Hit rate
To Next Page
Loading...
