ZXR105900/5200SeriesUserManual(BasicConîš¿gurationVolume)
ConfiguringanACLtoSupport
Renaming
Toconîš¿gureanameforACLrule,usethefollowingcommands.
Step
CommandFunction
1
ZXR10(config)#aclstandard{number<acl-number
>|name<acl-name>}
ThisentersACLconîš¿guration
mode.
2
ZXR10(config-std-acl)#rule<1-100>{permit|deny
}{<source>[<source-wildcard>]|any}[time-range
<timerange-name>]
Thisconîš¿gurestherulesof
ACL.
3
ZXR10(config-std-acl)#rule-description
<1-100><rule-description>
Thisconîš¿guresnamefora
rule.
Example:Deîš¿neastandardACL,permittingpacketsfromnet-
worksegment192.168.1.0/24topassthroughanddenyingpack-
etswhosesourceIPaddressesare192.168.1.100.Rule1andrule
2canbeconîš¿gureddifferentname.
ZXR10(config)#aclstandardnumber10
ZXR10(config-std-acl)#rule1deny192.168.1.1000.0.0.0
ZXR10(config-std-acl)#rule-description1test1
ZXR10(config-std-acl)#rule2permit192.168.1.00.0.0.255
ZXR10(config-std-acl)#rule-description2test2
Note:
CurrentlyonlyIPv4standardACL,IPv4extendedACL,IPv4hybrid
ACLandIPv4layer2ACLsupportACLrenamingfunction.
ACLConfigurationExample
AcompanyhasanEthernetswitch,towhichusersofbothde-
partmentAanddepartmentBandserversareconnected.Thisis
showninFigure18.Therelevantprovisionsasfollows:
1.UsersofbothdepartmentAanddepartmentBareforbidden
toaccesstheFTPserverandtheVODserverinworktime
(9:00–17:00),butcanaccesstheMailserveratanytime.
2.InternaluserscanaccesstheInternetthroughproxy
192.168.3.100,butusersofdepartmentAareforbiddento
accesstheInternetinworktime.
3.GeneralManagersofbothdepartmentAanddepartmentB
(withtheirIPaddressesas192.168.1.100and192.168.2.100
respectively)mayaccesstheInternetandallserversatany
time.
TheIPaddressesoftheserversareasfollows:
66Conîš¿dentialandProprietaryInformationofZTECORPORATION
To Next Page
Loading...
Need help?
General