Chapter4ServiceConîš¿guration
4.13.40ingress-aclglobalruletype-ip
Purpose
ThiscommandsetstherulethattheglobalingressACLmatchestheIPv4packet.
CommandMode
GlobalingressACLconîš¿gurationmode
Syntax
rule<1-500>{permit|deny}port{<1-28>|any}ip{<source-ipaddr><sip-mask>|any}{<destinat
ion-ipaddr><dip-mask>|any}[dscp<0-63>][fragment][cos<0-7>][<vlan-id>[<vlan-mask>]][<s
ource-mac><smac-mask>|any][<dest-mac><dmac-mask>|any]
ParameterDescription
ParameterDescription
<1-16>Globalrulenumber.
permitIftheconditionmatches,accessispermitted.
denyIftheconditionmatches,accessisdenied.
<1-28>
Bindstheglobalruletoaport.Differentdeviceshavedifferent
portnumberranges.Inthesyntax,the5250-28TCdeviceisused
asanexample.
any(îš¿rst)Bindstheglobalruletoallports.
ip
ThisruleonlymatchesIPpacket.Thenon-IPpacketignoresthis
rule.
<source-ipaddr>
IPaddressofthesourcenetworkorhosttransmittingpackets.Itis
a32-bitIPaddressexpressedindotteddecimalnotation.
<sip-mask>
Sourcemaskusedforsources.Itisa32-bitIPaddressexpressed
indotteddecimalnotation.
any(second)
Theanykeywordisusedastheabbreviationofthedestination
0.0.0.0andthedestinationmask0.0.0.0.
<destination-ipaddr>
Destinationnetworkorhostofthetransmittedpacket.Itisa32-bit
IPaddressexpressedindotteddecimalnotation.
<dip-mask>
Destinationmaskusedfordestination.Itisa32-bitIPaddress
expressedindotteddecimalnotation.
any(third)
Theanykeywordisusedastheabbreviationofthedestination
0.0.0.0andthedestinationmask0.0.0.0.
4-251
SJ-20131111172707-003|2013-11-27(R1.0)ZTEProprietaryandConîš¿dential
To Next Page
Loading...
Need help?
General