vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] *
l Configure an advanced ACL rule based on the protocol over IP.
– When the Internet Control Message Protocol (ICMP) is used, run:
rule { deny | permit } { protocol-number | icmp } [ destination { destination-address destination-wildcard | any } | icmp-type { icmp-name | icmp-type icmp-code } | source { source-address source-wildcard | any } | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] *
– When the Transmission Control Protocol (TCP) is used, run:
rule { deny | permit } { protocol-number | tcp } [ destination { destination-address destination-wildcard | any } | destination-port { eq | gt | lt | range } port | source { source-address source-wildcard | any } | source-port { eq | gt | lt | range } port | tcp-flag { ack | fin | psh | rst | syn | urg } * | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] *
– When the User Datagram Protocol (UDP) is used, run:
rule { deny | permit } { protocol-number | udp } [ destination { destination-address destination-wildcard | any } | destination-port { eq | gt | lt | range } port | source { source-address source-wildcard | any } | source-port { eq | gt | lt | range } port | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] *
– When the Generic Routing Encapsulation (GRE), Internet Group Management Protocol (IGMP), IPinIP, or Open Shortest Path First (OSPF) is used, run:
rule { deny | permit } { protocol-number | gre | igmp | ipinip | ospf } [ destination { destination-address destination-wildcard | any } | source { source-address source-wildcard | any } | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] *
To configure multiple rules, repeat this step.
NOTE
If the rule ID is not specified, the step value is used as the start rule ID.
If different rules are ANDed or ORed, configure a correct matching order to prevent incorrect configurations.
Step 3 (Optional) Run:
rule rule-id description text
The description of the advanced ACL rule is configured.
The description of an ACL rule describes the function or usage of the ACL rule. It is used to
differentiate ACL rules.
----End
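The following Python model is an added example and is not code from the Huawei guide or from the router software. It parses rule lines written in the advanced ACL syntax above, assigns rule IDs as the NOTE describes (an unspecified ID is the next multiple of the step value, default 5, above the highest existing ID), and checks constructed packets against the rules in rule-ID order, first match wins. Only the source, destination, destination-port (eq and range) and tcp-flag keywords are modelled; the single-flag tcp-flag matching, the packet dictionary layout and the sample rule set are simplifying assumptions for the example.

```python
import ipaddress
PROTO = {"icmp": 1, "igmp": 2, "ipinip": 4, "tcp": 6, "udp": 17, "gre": 47, "ospf": 89}
def _addr(tok, i):
    """'any' or 'address wildcard' (wildcard bit 1 = don't care) -> (addr, wild), next index."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    return tuple(int(ipaddress.IPv4Address(t)) for t in tok[i:i + 2]), i + 2
def add_rule(rules, line, step=5):
    """Parse one 'rule ...' line, give it an ID as the NOTE describes, append it."""
    tok, i = line.split(), 1
    if tok[i].isdigit():                      # rule ID given explicitly
        rid, i = int(tok[i]), i + 1
    else:                                     # next multiple of step above the highest ID
        rid = (max((r["id"] for r in rules), default=0) // step + 1) * step
    proto = int(tok[i + 1]) if tok[i + 1].isdigit() else PROTO[tok[i + 1]]
    rule, i = {"id": rid, "action": tok[i], "proto": proto}, i + 2
    while i < len(tok):
        kw = tok[i]
        if kw in ("source", "destination"):
            rule[kw], i = _addr(tok, i + 1)
        elif kw == "destination-port":        # only 'eq port' and 'range low high' modelled
            lo = int(tok[i + 2])
            hi, i = (int(tok[i + 3]), i + 4) if tok[i + 1] == "range" else (lo, i + 3)
            rule["dport"] = (lo, hi)
        elif kw == "tcp-flag":                # one flag name, e.g. syn (simplifying assumption)
            rule["flag"], i = tok[i + 1], i + 2
        else:
            raise ValueError(f"keyword not modelled: {kw}")
    rules.append(rule)
    return rid
def _in(spec, ip):
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])
def lookup(rules, pkt):
    """Action of the first matching rule in rule-ID order (default config order), else None."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if (r["proto"] == pkt["proto"]
                and ("source" not in r or _in(r["source"], pkt["src"]))
                and ("destination" not in r or _in(r["destination"], pkt["dst"]))
                and ("dport" not in r or r["dport"][0] <= pkt.get("dport", -1) <= r["dport"][1])
                and ("flag" not in r or r["flag"] in pkt.get("flags", ()))):
            return r["action"]
    return None
# Constructed rule set: web ports to one server are allowed, other new TCP
# connections into 10.1.1.0/24 are dropped, ICMP and UDP (protocol 17) pass.
RULES = []
for cmd in ("rule permit tcp destination 10.1.1.10 0.0.0.0 destination-port range 80 443",
            "rule deny tcp destination 10.1.1.0 0.0.0.255 tcp-flag syn",
            "rule 12 permit icmp source any destination 10.1.1.0 0.0.0.255",
            "rule permit 17 source any destination any"):
    add_rule(RULES, cmd)                      # IDs become 5, 10, 12, 15
```

A packet that matches no rule returns None here; what the router does with such traffic depends on where the ACL is applied, which this section does not cover.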
Follow-up Procedure
After an advanced ACL rule is configured, perform the following operations as required:
l Run the step command to change the step value.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 10 ACL Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
199