Chapter 2 ACL Configuration
| Syntax | Description |
|---|---|
| <protocol> | Protocol type to be matched, ICMP, IP, TCP or UDP; integer standing for the IP protocol number, range: 0~254 |
| <source> | Source IP address to be matched, in dotted decimal format |
| <source-wildcard> | Wildcard mask matching the source, in dotted decimal format |
| <source-port> | Source port |
| <destination> | Destination IP address to be matched, in dotted decimal format |
| <destination-wildcard> | Wildcard mask matching the destination, in dotted decimal format |
| <destination-port> | Destination port |
| time-range <timerange-name> | Time range name, the length is not more than 31 characters |
| log | Indicates the IP packet meeting the rule is configured with the log function (Applied to ZXR10 GAR and ZXR10 ZSR only) |
Instructions

• For the standard ACL, the option <source> used for the egress and ingress interfaces matches the source IP address. For the extended ACL, <source> matches the source IP address and <destination> matches the destination IP address.
• For the ICMP protocol, the ICMP packet type field is an integer (0~254) or a name.
• For the TCP and UDP protocols, there is an operator for comparing source and destination ports. It can be le (≤), ge (≥) or eq (=). If the operator follows <source> and <source-wildcard>, the packet's source port must be not more than (le), not less than (ge), or equal to (eq) the specified source port. If the operator follows <destination> and <destination-wildcard>, the packet's destination port must be not more than (le), not less than (ge), or equal to (eq) the specified destination port. The operator is followed by an integer (1~65535) or the name of a TCP or UDP port.
• For the TCP protocol, there is a flag field "established" indicating the establishment of the connection.
• Each access control list ends with a default last entry that matches any packet, and its behavior is "deny".
• ICMP packet type:
  Information-request, mask-reply, mask-request, parameter-problem, redirect, router-advertisement, router-solicitation, source-quench, time-exceeded, timestamp-reply, timestamp-request, traceroute, unreachable
• TCP port name:
  BGP, domain, finger, FTP, login, pop2, pop3, SMTP, TELNET, WWW
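The matching rules in the instructions above, modelled as an added example (this is not ZTE code and not ZXR10 command syntax): wildcard-mask address matching, the le/ge/eq port operators, and the default "deny" entry at the end of every list. It assumes the usual wildcard-mask convention (a 1 bit is ignored) and first-match evaluation; the names `Rule`, `wildcard_match` and `evaluate`, the packet dictionary layout, and the sample list are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Constructed model of the rule fields described above; not ZXR10 code.
PROTO_NUM = {"icmp": 1, "tcp": 6, "udp": 17}
PORT_OPS = {"le": lambda p, n: p <= n, "ge": lambda p, n: p >= n, "eq": lambda p, n: p == n}

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Assumed convention: a 1 bit in the wildcard is ignored, a 0 bit must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip", "icmp", "tcp" or "udp"
    source: str
    source_wildcard: str
    destination: str
    destination_wildcard: str
    source_port: Optional[Tuple[str, int]] = None       # (operator, port)
    destination_port: Optional[Tuple[str, int]] = None  # (operator, port)

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and PROTO_NUM[self.protocol] != pkt["proto"]:
            return False
        if not wildcard_match(pkt["src"], self.source, self.source_wildcard):
            return False
        if not wildcard_match(pkt["dst"], self.destination, self.destination_wildcard):
            return False
        for cond, key in ((self.source_port, "sport"), (self.destination_port, "dport")):
            if cond and not PORT_OPS[cond[0]](pkt.get(key, 0), cond[1]):
                return False
        return True

def evaluate(acl: list, pkt: dict) -> str:
    """Assumed first-match order; the default last entry denies everything else."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed sample list: web traffic to one server, low UDP ports blocked.
ACL = [
    Rule("permit", "tcp", "10.1.0.0", "0.0.255.255", "192.0.2.10", "0.0.0.0", None, ("eq", 80)),
    Rule("deny", "udp", "0.0.0.0", "255.255.255.255", "192.0.2.0", "0.0.0.255", None, ("le", 1023)),
    Rule("permit", "udp", "10.1.0.0", "0.0.255.255", "192.0.2.0", "0.0.0.255", ("ge", 1024), None),
]
```

A packet that matches no listed rule, such as TCP to port 22 on the sample server, falls through to the default entry and is denied, which is why a list with only "deny" rules blocks all traffic.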
• UDP port name: