EasyManuals Logo
Home>Zte>Switch>ZXR10 5900 Series

Zte ZXR10 5900 Series User Manual

Zte ZXR10 5900 Series
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #77 background imageLoading...
Page #77 background image
Chapter7ACLConîš¿guration
ConfiguringHybridACL
Step
CommandFunction
1
ZXR10(config)#aclhybrid{number<acl-number>|n
ame<acl-name>}
ThisentersthehybridACL
conîš¿guration.
2
ZXR10(config-hybd-acl)#rule<rule-no>{permit|d
eny}{<ip-number>|ip}{<source><source-wildc
ard>|any}{<dest><dest-wildcard>|any}{[any
|<etherprotocol>]}[cos<0-7>][<vlan-id>][ingress
<source-mac><source-mac-wildcard>egress
<dest-mac><dest-mac-wildcard>][time-range
<timerange-name>]
Thisconîš¿gurestherules
basedonIPorIPprotocol
number(excludedICMP ,TCP ,
UDP).
3
ZXR10(config-hybd-acl)#rule<rule-no>{pe
rmit|deny}{<source><source-wildcard>|
any}{[<dest-ip><dest-wildcard>|any{ethe
r-protocol}[<vlan-id>][cos<value>][egress
<dst-mac><dst-wildcard>][ingress<sor-mac><s
or-wildcard>][time-range<range-name>]][eq
<port-number>{<dst-mac><dst-wildcard>|
any}<ether-protocol>[<vlan-id>][cos<value
>][egress<dst-mac><dst-wildcard>][ingress
<sor-mac><sor-wildcard>][time-range
<range-name>]]}
Thisconîš¿gurestherules
basedonTCP .
4
ZXR10(config-hybd-acl)#rule<rule-no>{pe
rmit|deny}{<source><source-wildcard>|
any}{[<dest-ip><dest-wildcard>|any{ethe
r-protocol}[<vlan-id>][cos<value>][egress
<dst-mac><dst-wildcard>][ingress<sor-mac><s
or-wildcard>][time-range<range-name>]][eq
<port-number>{<dst-mac><dst-wildcard>|
any}<ether-protocol>[<vlan-id>][cos<value
>][egress<dst-mac><dst-wildcard>][ingress
<sor-mac><sor-wildcard>][time-range
<range-name>]]}
Thisconîš¿gurestherules
basedonUDP .
5
ZXR10(config-hybd-acl)#move<rule-no>{after|
before}<rule-no>
Thismovesarulebehind
anotherrule.
ExampleThisshowsanextendedACLtoperformthefollowingfunctions:
1.PermitUDPpacketsfromthenetworksegment
210.168.1.0/24,thedestinationIPaddress210.168.2.10,
destinationMACaddress00d0.d0c0.5741,thesourceport
100andthedestinationport200topass.
2.ForbidtheBGPpacketsfromthenetworksegment
192.168.3.0/24passing.
3.ForbidallpacketswiththeMACaddress0100.2563.1425.
ZXR10(config)#aclhybridnumber300
ZXR10(config-hybd-acl)#rule1permitudp210.168.1.00.0.0.255Eq
100210.168.2.100.0.0.0eq200anyEgress
00d0.d0c0.57410000.0000.0000
ZXR10(config-hybd-acl)#rule2denytcp192.168.3.00.0.0.255
EqBGPanyany
ZXR10(config-hybd-acl)#rule3denyanyanyanyingress
0100.2563.14250000.0000.0000
Conîš¿dentialandProprietaryInformationofZTECORPORATION63

Table of Contents

Other manuals for Zte ZXR10 5900 Series

Preview: Hardware Manual
Hardware Manual53 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Zte ZXR10 5900 Series and is the answer not in the manual?

Zte ZXR10 5900 Series Specifications

General IconGeneral
BrandZte
ModelZXR10 5900 Series
CategorySwitch
LanguageEnglish

Related product manuals