EasyManuals Logo
Home>Zte>Switch>ZXR10 2928E-PS

Zte ZXR10 2928E-PS User Manual

Zte ZXR10 2928E-PS
266 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #88 background imageLoading...
Page #88 background image
ZXR102900ESeriesConīšægurationGuide
4.12ACLConī›€guration
ACLOverview
AnAccessControlList(ACL)isasequentialcollectionofpermitanddenyconditionsthat
applytopackets.Whenapacketisreceivedonaninterface,theswitchcomparesthe
īšæeldsinthepacketagainstanyappliedACLā€™stoverifythatthepackethastherequired
permissionstobeforwarded,basedonthecriteriaspeciīšæedintheaccesslists.Ittests
packetsagainsttheconditionsinanaccesslistonebyone.Theīšærstmatchdetermines
whethertheswitchacceptsorrejectsthepacketsbecausetheswitchstopstesting
conditionsaftertheīšærstmatch.Theorderofconditionsinthelistiscritical.Ifnoconditions
match,theswitchrejectsthepackets.Iftherearenorestrictions,theswitchforwardsthe
packet.otherwise,theswitchdropsthepacket.
TheZXR102900Esupportsthefollowingfunctions.
lTheZXR102900EprovidestwobindingtypesincludingphysicalportandVLANport.
lACLrulecanbeadded,deleted,sorted.
1.RulecanbeaddedtoaconīšæguredACL.RegularIDnumberrangeis1-500.
2.ConīšæguredACLcanbedeletedregularly.IfthespeciīšæedACLinstancenumber
orrulenumberhasnā€™tbeenconīšægured,afalsemessagewillreturn.
3.ManyrulesofanACLcanbesortedandonlyneedtospecifytheplacewhererule
numberneedtobemoved.
lAnACLcanbecomevalidaccordingtoconīšæguredtimerange.Afterconīšæguring
absoluteorrelativetimerangeontheswitch,timerangecanbeappliedtotheruleof
ACL.Thiscausestheruletobevalidaccordingtothetimerangespeciīšæcation.
lTheZXR102900EprovidesthefollowingīšævetypesofACLs:
1.BasicACL:OnlymatchsourceIPaddress.
2.ExtendedACL:MatchsourceIPaddress,destinationIPaddress,IPprotocoltype,
TCPsourceportnumber,TCPdestinationportnumber,UDPsourceportnumber,
UDPdestinationportnumber,ICMPtype,ICMPCodeandDiffServCodePoint
(DSCP).
3.L2ingressACL:MatchsourceMACaddress,destinationMACaddress,source
VLANIDand802.1ppriorityvalue,EthernetnetworktypeandDSAP/SSAP .
4.HybridingressACL:MatchSourceIPv4/IPv6address,destinationIPv4/IPv6
address,IPprotocoltype,TCPsourceportnumber,TCPdestinationportnumber,
UDPsourceportnumber,UDPdestinationportnumber,DiffServCodePoint
(DSCP),sourceMACaddress,destinationMACaddress,sourceVLANIDand
802.1ppriorityvalue.
5.GlobalACL:MatchSourceIPaddress,destinationIPaddress,IPprotocoltype,
TCPsourceportnumber,TCPdestinationportnumber,UDPsourceportnumber,
UDPdestinationportnumber,DiffServCodePoint(DSCP),sourceMACaddress,
destinationMACaddress,sourceVLANIDand802.1ppriorityvalue.
6.BasicegressACL:OnlymatchsourceIPaddress.
7.ExtendedegressACL:MatchsourceIPaddress,destinationIPaddress,IP
protocoltype,TCPsourceportnumber,TCPdestinationportnumber,UDP
4-42
SJ-20120409144109-002|2012-07-02(R1.0)ZTEProprietaryandConīšædential

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Zte ZXR10 2928E-PS and is the answer not in the manual?

Zte ZXR10 2928E-PS Specifications

General IconGeneral
BrandZte
ModelZXR10 2928E-PS
CategorySwitch
LanguageEnglish

Related product manuals