EasyManuals Logo
Home>Huawei>Network Router>AR1200-S

Huawei AR1200-S User Manual

Huawei AR1200-S
308 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #214 background imageLoading...
Page #214 background image
l Run the rule command with rule-id specified to add a new rule between existing rules when
the configuration order is used.
10.4.5 Applying an Advanced ACL
An advanced ACL can be applied to some services and functions to classify packets.
Prerequisites
An advanced ACL has been created and rules have been configured in the advanced ACL.
Context
An advanced ACL can be applied to the following services and functions:
l Traffic classifier
l Blacklist for local attack defense
l IP multicast
l IPSec
l Firewall
l NAT
l Packet filtering on an interface
Procedure
l Apply an advanced ACL to a traffic classifier.
To provide differentiated services based on packet information, configure traffic classifiers.
Advanced ACLs can be referenced by traffic classifiers to define rules for classifying
traffic. For details, see Configuring a Traffic Classifier.
l Apply an advanced ACL to add specified users to the blacklist for local attack defense.
A blacklist is a set of unauthorized users. The AR1200-S uses advanced ACLs to add users
with a specific characteristic to a blacklist and discards the packets from the users in the
blacklist. For details, see 9.4.3 (Optional) Configuring a Blacklist.
l Apply an advanced ACL to IP multicast.
Certain functions of the Internet Group Management Protocol (IGMP), Protocol
Independent Multicast-Dense Mode (PIM-DM) and Protocol Independent Multicast-
Sparse Mode (PIM-SM) need to reference advanced ACLs. For details, see Configuration
Guide - Multicast.
l Apply an advanced ACL to IPSec.
The IP Security (IPSec) protocol family is a series of protocols defined by the Internet
Engineering Task Force (IETF). This protocol family provides high quality, interoperable,
and cryptology-based security for IP packets. IPSec peers can use various security
protection measures (authentication, encryption, or both) on different data flows. The
AR1200-S can use advanced ACLs to define data flows. For details, see IPSec
Configuration.
l Apply an advanced ACL to a firewall.
The attack defense system protects an internal network against attacks from external
networks. Generally, firewalls are deployed between the internal and external networks to
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 10 ACL Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
200

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Huawei AR1200-S and is the answer not in the manual?

Huawei AR1200-S Specifications

General IconGeneral
BrandHuawei
ModelAR1200-S
CategoryNetwork Router
LanguageEnglish

Related product manuals