EasyManuals Logo
Home>Zte>Switch>ZXR10 5900 Series

Zte ZXR10 5900 Series User Manual

Zte ZXR10 5900 Series
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #75 background imageLoading...
Page #75 background image
Chapter7ACLConîš¿guration
1.Ifapacketmatchesmultiplerulesatthesametime,theîš¿rst
matchedruleshallapply.Therefore,thesequenceofthese
rulesiscriticalimportant.Inusualcases,therulewithsmaller
rangeisputaheadandtherulewithlargerrangeisputbehind.
2.T akingnetworksecurityintoaccount,animplicitDenyruleis
automaticallyattachedtotheendofeachACLtodenyallpack-
ets.Therefore,aPermitruleisusuallyconîš¿guredattheend
ofACLtopermitallpacketstopassthrough.
ConfiguringBasicACLRule
Step
CommandFunction
1
ZXR10(config)#aclstandard{number<acl-number
>|name<acl-name>}
ThisentersthestandardACL
conîš¿gurationmode.
2
ZXR10(config-std-acl)#rule<1-100>{permit|deny
}{<source>[<source-wildcard>]|any}[time-range
<timerange-name>]
Thisconîš¿gurestherulesof
ACL.
3
ZXR10(config-std-acl)#move<rule-no>{after|
before}<rule-no>
Thismovesarulebehindof
anotherrule.
ExampleThisexampledeîš¿nesastandardACL.TheACLpermitspackets
fromthenetworksegment192.168.1.0/24topass,butreject
packetswiththesourceIPaddressof192.168.1.100.
ZXR10(config)#aclstandardnumber10
ZXR10(config-std-acl)#rule1deny192.168.1.1000.0.0.0
ZXR10(config-std-acl)#rule2permit192.168.1.00.0.0.255
ConfiguringExtendedACL
Step
CommandFunction
1
ZXR10(config)#aclextend{number<acl-number>|n
ame<acl-name>}
ThisenterstheextendedACL
conîš¿guration.
2
ZXR10(config-ext-acl)#rule<rule-no>{permit|d
eny}{<source><source-wildcard>|any}{<dest
><dest-wildcard>|any}[<icmp-type>[icmp-code
<icmp-code>]][{[precedence<pre-value>][tos
<tos-value>]}|dscp<dscp-value>][fragment][time-
range<timerange-name>]
Thisconîš¿gurestherules
basedonICMP .
3
ZXR10(config-ext-acl)#rule<rule-no>{permit|deny
}{<ip-number>|ip}{<source><source-wildcard>|a
ny}{<dest><dest-wildcard>|any}[{[precedence
<pre-value>][tos<tos-value>]}|dscp<dscp-value
>][fragment][time-range<timerange-name>]
Thisconîš¿gurestherules
basedonIPorIPprotocol
number(excludedICMP ,TCP ,
UDP)
4
ZXR10(config-ext-acl)#rule<rule-no>{permit|den
y}{<source><source-wildcard>|any}[<rule><port
>]{<dest><dest-wildcard>|any}[<rule><port>][est
ablished][{[precedence<pre-value>][tos<tos-val
ue>]}|dscp<dscp-value>][fragment][time-range
<timerange-name>]
Thisconîš¿gurestherules
basedonTCP .
Conîš¿dentialandProprietaryInformationofZTECORPORATION61

Table of Contents

Other manuals for Zte ZXR10 5900 Series

Preview: Hardware Manual
Hardware Manual53 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Zte ZXR10 5900 Series and is the answer not in the manual?

Zte ZXR10 5900 Series Specifications

General IconGeneral
BrandZte
ModelZXR10 5900 Series
CategorySwitch
LanguageEnglish

Related product manuals